Business Continuity Planning: Best Practices and Challenges
Explore the world of Business Continuity Planning (BCP) through the lens of best practices and challenges. Delve into the structured implementation of common sense strategies for ensuring operational resilience, particularly in times of crisis like COVID-19. Learn from the experiences and insights shared by industry expert Dhiraj Lal, Executive Director at Continuity & Resilience (CORE), as he guides you through the essential aspects of BCP. Gain valuable knowledge on how to navigate through disruptions and uncertainties effectively to safeguard your organization's continuity.
Presentation Transcript
Business Continuity Planning (BCP) - Best Practices and Challenges
June 24, 2020

About the Speaker
Dhiraj Lal, Executive Director, Continuity & Resilience (CORE)
MBCI, CBCP, CBCI, ISO 22301 Technical Expert, CISA, ITIL, ISO 31000, ISO 27001 Lead Auditor
A Chemical Engineer from IIT Delhi and MBA from IIM Calcutta, Dhiraj Lal has over 20 years BCM experience and 32 years overall. He has worked with Citibank, Standard Chartered, Agilent and American Express, where he was the Program Sponsor and BCM Head. He is Asia's first BSI appointed Technical Expert for BS25999/ ISO 22301, and assessed 2 of the top 10 certified organizations globally. He teaches and consults in BCM (NCEMA 7000/ ISO 22301) and related domains. He has been invited to present at the BCI Annual conference in the UK, DRI US, BCMI Singapore, itSMF UK, DRI Asia in Malaysia, ISACA UAE, KSA and India, and also various Middle East Crisis, BCM and IT Resilience Summits in Abu Dhabi, Dubai, KSA and India.
- Over 32 years in the industry.
- Ex BCM Sponsor and Head of American Express.
- Mix of experience as Practitioner, Trainer, and Consultant.
- BCI Approved Instructor.
- Over 15 years in BCM and related domains.
- Contributing Author to: The Encyclopaedia of Business Continuity, 3rd Edition
- Author of: Step by Step guide AE/SCNS/NCEMA 7000:2015. Implement BCM the UAE Way!

About Continuity & Resilience
ISO 22301 Certified Management Consulting Firm
- Business Continuity Management
- Crisis Management
- IT Disaster Recovery
- Information Security
- Cyber Security
- Risk Management
We Consult / Train / Assess and Certify in these domains
- We provide advisory services
- Automation tools BCM/ ITDR/ Mass Communication
- Workplace recovery
- E-Learning

Agenda
- Business Continuity Planning
- Business Continuity Implementation Roadmap
- BCP in times of COVID-19
- Challenges and Best Practices

Business Continuity Planning
- Planning to continue the Business
- Not a new concept. A fancy name for common sense.
- In reality, we have been performing Business Continuity Planning for centuries
- But still, many organizations struggled to restart operations during COVID-19
- So we need more than just common sense. We need a structured and formal implementation of common sense.

What we do not fully do in BAU common sense
1. Agree timelines, worst case and best case (MTPD and RTO)
2. Base it fully on facts and data (consequences of downtime)
3. Consultative process involving all interested parties
4. Comprehensive, documented and signed off
5. Communicate to all who need to know, including relevant third parties and service providers
6. Practice, Test & exercise. Review. Maintain & continually Improve
Amazingly, this works!!

Challenges for cyber professionals
- An uneven battle against an unknown enemy who has nothing better to do
- You have other matters to focus on, but they have a single point agenda: to damage
- You constantly focus on getting better and better, but so do they
- By the sheer law of averages, once in a while they will succeed
- At those times, your best bet is to be able to restart fast and with minimum loss. So you need the world's best Business Continuity readiness
- Have you formally put in place the 6 Rs (Reduce, Respond, Recover, Resume, Restore, Return)? When did you last practice them?

Challenges for cyber professionals
Economic Times, June 24 2020

Some reasons for Outages (Global data)
- Fire: 6.6%
- Hurricane: 7.2%
- Hardware error: 5.6%
- Power surge: 8.2%
- Earthquake: 4.3%
- Network Outage: 3.6%
- Human Error: 3.5%
- Flood/Water: 8.5%
- Bombing: 2.5%
- Storm Damage: 11.5%
- Power Outage: 31.1%
- Others: 7.4%, including Software Error 1.2%, Employee sabotage 1.2%, Burst water pipe 1.2%, Miscellaneous 3.8%
Source: Contingency Planning Research Inc.

Business Continuity is a wise investment
Lack of BCP is self goal
- Minimize business disruptions and quickly recover
- Retain business model and increase market share and profits
- Protect the organization's value and reputation
- Corporate governance and shareholder commitment
- National requirements
- Contractual commitments, Legal and regulatory compliance
- Moral and social responsibilities
- Demonstrate best practice
- Reduce insurance liabilities

Business Continuity Implementation Roadmap
Typical steps

International BCM Standard ISO 22301
- Clause 1: Scope
- Clause 2: Normative references
- Clause 3: Terms and definitions
- Clause 4: Context of the organisation
- Clause 5: Leadership
- Clause 6: Planning
- Clause 7: Support
- Clause 8: Operation
- Clause 9: Performance evaluation
- Clause 10: Improvement

Please implement a BCMS - not just BCM
"Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity" (ISO 22301)
Ensure continual improvement via the PDCA cycle

BCP in times of COVID-19
COVID-19 is different from a typical Business Continuity situation
- Much longer duration
- No clarity on final resolution
- Triggered not by damage to resources
- Entire ecosystem is impacted
SOME POSITIVES
- Realization by all - even the PM asked entities to implement Business Continuity
- Tolerance - It's Ok
- Permanent mindset changes

Suggestions for professionals
- Don't stop now - complete the journey
- Protect yourself against other new threats - implement the full BCM cycle
- Use this opportunity to create permanent BCM readiness and awareness across all segments
- Get your people ISO22301 trained and your organization ISO22301 compliant or even ISO22301 certified

Best Practices
- Choose the right people
- Provide effective training in advance of the implementation
- Implement the full BCM lifecycle
- Right Commitment of Top Management
- Competency of all resources communication and tools
- Clearly defined roles, responsibilities, and authorities
- Continued management focus on the BCM Program

Build culture across all Interested Parties ..
THE ORGANIZATION:
- Top Management
- Those who establish policies and objectives for the BCMS
- Those who set up & manage BC
- Those who maintain BC Procedures
- Owners of business continuity procedures
- Incident Response Personnel
- Those with authority to invoke
- Appropriate spokespeople
- Response Teams
- Other Staff
Other interested parties shown around the organization: Customers, Competitors, Citizens, Media, Distributors, Commentators, Shareholders, Trade Groups, Investors, Neighbours, Owners, Pressure Groups, Insurers, Emergency Services, Government, Transport Services, Other Response Agencies, Regulators, Recovery Services Suppliers, Dependents of staff, Contractors

Build Culture via Training and Awareness
Group/ Audience: Training
- Top Management: Awareness, Crisis Management, Crisis Communication
- Core BCM Team: CBCI/ Lead Implementer, Lead Auditor
- Core BCM Team: Specialised courses (BIA, RA, Plan Writing, Testing etc.)
- Department Coordinator/ BC Champions: Implementer, Internal Auditor
- Audit Team: Internal Auditor, Lead Auditor
- All Employees: Awareness

Build Culture via tests and exercises
[Chart, graph not to scale. Series: Cost, Complexity, Risk (of disturbance due to test), Assurance, Frequency. Exercise types on the axis: Review/ Walkthrough, Table Top, Call Tree, Simulation, IT/ Work Area Recovery, Integrated.]

Ensure Review, Maintenance and Improvement
- Maintenance
- Advanced Testing and Exercising
- Ongoing Awareness and Training
- Internal Audit and Self Assessment
- Management review
- Supplier Review
- Corrections and Corrective actions
- Benchmarking
- Continual Improvement
- Instilling a BCM mindset

Way Forward => Organizational Resilience
The ability of an organisation to absorb and adapt in a changing environment (BCI GPG 2018/ ISO 22316:2017)

Questions?

LET'S KEEP IN TOUCH!!
Thank You!
Dhiraj Lal, Executive Director
+91 99101 10240
dhiraj.l@continuityandresilience.com