PBSi
Business Continuity Planning
Definition
• Business Continuity planning is a planning process designed to reduce the risk that disruptive failures or events could seriously harm your business.
• It is designed to safeguard your business by ensuring the continuity of a minimum set of business functions and a smooth return to normal operating
Causes of Failure
• Failures or events may be external or internal in nature
• External: Loss of power, communications, flooding, interruption of supply chain
• Internal: Loss of information, fire, corrupted IT systems, loss of key personnel
Purpose
• Provide predetermined actions to
– Allow prompt resumption of critical functions
– Reduce decision making during recovery operations
– Allow return to normal operating conditions at the earliest possible time
– Minimize financial loss and hardship
– Minimize the extent of interruption
Required By
• US Securities Exchange Commission for companies >$10M
• Emergency Preparedness Canada for all Government Departments
• National Contingency Planning Group and Treasury Board Secretariat for Mission Critical government functions for Y2K
Business Continuity Planning
[Diagram labels, in order of appearance]
Requirements Analysis (scoping study); Business Impact Analysis (BIA); Options Analysis; Implementation Strategy; Aggregate Continuity Plan; Test / Validate / Update Plans; Lifecycle Maintenance
Risk Management; Business Continuity Management Plan; Business Plans, Policies, Objectives, Procedures
Project Risk Assessment; Business Risk Assessment; Options Risk Assessment; Strategic Risk Assessment; Integrated Risk Assessment; Update Risk Assessments; Integration Plans
Benefits of Contingency Planning
• Successfully deal with threats to survival
• Successfully deal with threats to continuing operations
• Successfully deal with interruptions of critical functions
• Allows comprehensive planning and implementation of procedures that do not have to be invented in time of crisis
Business Continuity Planning
[Diagram, plotted against Normal Service Level and Minimum Service Level; labels in order of appearance]
Planning: Risk Mitigation; Contingency Planning; Contingency Planning (Disaster Recovery); Business Resumption Planning
Phases: Preparedness / Prevention; Crisis Response; Return to Normalcy
Activities: Determine Workarounds; Stockpile; Establish Redundant Systems; Remediate / Replace Current Systems; Execute Established Procedures; Restore Failed Systems; Return to Pre-Crisis Operations
Postures: Readiness Posture; Crisis Response Posture; Transition and Recovery Posture
AIM: Prevent Failure of Critical Business Functions
AIM: To Restore a Minimum Level of Service Within the Required Timeframe
AIM: To Restore Normal Operating Conditions
Process Diagram
[Diagram: Risk Assessment; Business Function Analysis; Contingency Planning; Crisis Response; Recovery Planning; Training; Testing]
Process Steps
• Risk Assessment
• Business Function Analysis
• Contingency Planning
• Crisis Response
• Recovery Planning
• Training
Risk Assessment
• Appraisal/review of existing documents, policies, business plans and disaster recovery plans
• Risk identification ensures that risks associated with all facets of business operations are captured
Business Function Analysis
• Define business functions and relative criticality
• Map assets and interdependencies of critical business functions
• Determine consequence of failures and identify key vulnerabilities
• Determine the minimum service level and identify gaps in ability to deliver minimum service level in a crisis.
Assets & Interdependencies
[Diagram labels, in order of appearance: Assets; Critical Function; Infrastructure Interdependencies (Transportation, Utilities, Government Services, Services, Communication, Safety, Others); Functional Interdependencies (Clients, Others, Suppliers, Other Government Departments, Employees, Companies); Embedded Systems; Facilities; Internal/External Interfaces; IT Systems; IT Infrastructure; End User Computing]
Contingency Plan
• Define options for the plan with respect to function, process, system and people
• Define responsibility and reporting
• Identify resources required to invoke plan and procedures
• Cost benefit analysis to select cost effective procedures
Crisis Response
• Crisis response activities include reporting and management response
• Developing plans and procedures to assess failures
• Describing thresholds for invoking contingencies
• Describing individual responsibilities and authorities
Recovery Planning
• Defines the planning necessary to return to normal operating conditions after a crisis.
• Dependent on the nature of business and contingency plans developed to-date
Business Continuity Plan
[Diagram labels, in order of appearance: Contingency Procedures & Triggers; Contingency Plan Overview; Crisis Response Plan; Contingency Plan; Business Resumption Plan; Business Resumption Procedures; Crisis Response Procedures; Departmental Crisis Definition; Crisis Scenarios; Training, Test & Maintenance Plan]
Training
• Develop training plan
• Conduct the training for the implementation of the business continuity plan
• Record lessons learned
• Make recommendations for changes to business continuity plan and procedures
Testing
• Design test program, write test scenarios and exercises, and conduct the test of business continuity plans
• Tests may be structured walkthrough, operational or live exercise
• Assess performance
• Validate test and gather lessons learned
• Develop recommendations and implement