Linus New V Old School BCIF - isaca-melbourne.org.au fileBusiness Continuity Management Scenario Planning Vs Resource Loss Planning (Old School Thinking Vs New School Thinking) by
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Business Continuity ManagementBusiness Continuity Management
Scenario Planning Vs Resource Loss PlanningScenario Planning Vs Resource Loss Planning(Old School Thinking Vs New School Thinking)(Old School Thinking Vs New School Thinking)
by Saul Midler (MBCI)by Saul Midler (MBCI)
Agenda:IntroductionRisk Reduction via scenarios(Old School)Business Continuity via Resources (New School)
Consider 9/112,800 DIED and 185,000 workers lost their JOB* including:
- 7,300 in IT- 3,000 in Accounting- 3,000 in Insurance- 2,200 in Commercial Printing
320 companies did not reopen for business The Survivors include:
- Cantor Fitzgerald lost 658 staff - resumed operations 2 days later- Marsh & McLennon: 3,200 staff over 8 floors- Morgan Stanley: 3,500 staff over 17 floors- NY Port Authority: 2,000 staff over 23 floors
Research took place in March 2007 by: The Chartered Management Institute (UK), supported by Continuity Forum and the Civil Contingencies Secretariat within the Cabinet Office England
Causes of operational disruption to organisations in the past 6 years
Risk means different things to different peopleto understand it, you need to put it into context with definition
Risk is very broad – what is our focus?Legal Liability (eg exposure to litigation – faulty products)Political/Regulatory (eg policy sensitivity)Financial/Market (eg risk of credit defaults)Mergers and Acquisitions (eg undisclosed contingent liabilities)Corporate Governance (eg breaches of regulations)Experimentation (eg new product or process, R&D activity)OH&S (eg ensuring worker safety)Market Sector (eg Emerging competitors, new technology)Operational (dependency on Resources and processes)Other…..
What is Business Continuity Management?What is Business Continuity Management?
Effective BCM ensures that your organisation:
has a level of operational resilience appropriate to support the needs of the business as defined by the corporate objectives
has the capability to continue to provide its customers with critical services and products regardless of any operational disruption
maintain appropriate management practices as ‘business as usual’ to ensure that its Business Continuity capabilities always reflect the needs, technology and structure of the business
BCM = Business Driven + Continuity Capable + Management Discipline
When disaster strikes:a business function ceases to produce its outputthe recipient of the output suffers painthe organisation then suffers pain (or goes out of business!!)
Q: Why can’t the output be produced? Think of Cause and Effect - Remember: Disasters don’t cause businesses to fail!!
A: Because one or more RESOURCES are not available
What are Resources?assets that must be available to enable a Business Function to operate and produce its output include computer software, personal computers, telephones, information itself, paper files, pre-printed forms, IT, Network drive, fax machine, skilled staff, machinery, equipment, accommodation, third-party organisations etc.
How do we stop a disruption from becoming a disaster?Risk Management cannot reduce the risk to zeroNeed to invoke procedures:
- based on business driven restoration priorities- to work around the Resource loss until the Resources are available- to repair or replace the unavailable Resources with respect to:
o Destination (if we have to leave the site)o Quantities
What scenarios will this support?WHY DOES IT MATTER????More than you can imagineALL that result in Resource Loss
Why?Think of Cause and Effect - Remember: Disasters don’t cause businesses to fail!!
The cause of the Resource loss is irrelevant to its replacement