Bill Scott

advertisement
Continuity
Planning
An Overview…
1
Continuity Planning
Bill Scott CBCP
Contingency Planning Coordinator
Great Lakes Educational Loan Services, Inc.
 (608) 246-1442
 bscott@glhec.org
2
What Is
Continuity Planning?
To begin answering that question let’s
define an incident…
Simply stated, an incident can be any
accidental or intentional event that causes
significant disruption to a company’s
operation for a period of time.
3
So Why Do Continuity
Planning?
You do Continuity Planning to provide a
planned and controlled method of
anticipating and responding to those
incidents that are likely to interrupt key
business activities.
4
Continuity Planning
Is a business owned and driven activity that
can provide the strategic and operational
framework to review the way your
organization provides its products and
services and increase its resilience to
disruption, interruption or loss.
5
Continuity Planning
By doing so your continuity plan should
help you ask and answer the following:





What would my financial losses be and
how can I avoid them?
What legal requirements do I need to
meet?
How can I avoid loss of market share?
How can I protect the safety of my
assets, including employees ?
How can I mitigate negative publicity?
6
The Continuity Planning
Life-Cycle
There are five basic steps that should be
followed when developing a continuity plan:
1.
2.
3.
4.
5.
Analyze your business
Assess the risks
Develop your strategy
Develop your plan
Rehearse the plan
Due to the rapidly changing nature of
business conditions the process is not
static, but cyclical.
7
Analyze Your Business
•
This is the first stage of the business continuity
planning life-cycle because it is necessary to
understand from the start exactly where your
business is vulnerable.
•
You will need the fullest possible understanding of the
important processes of your business and between
you, your customers and suppliers.
•
This stage of the process will also help to gain the
involvement and understanding of other people and
departments.
8
Assess the risks…
There are two aspects to every risk to your
organization:
• How likely is the risk to happen?
• What effect will it have on your
organization?
Continuity Planning will provide a framework for
assessing the impact of each one.
9
Assess the risks…
Many organizations usually define their
assessment in terms of cost. For example:
• How much could you afford to lose if an
incident prevented you from doing
business for days, weeks or months?
• How would employees, business
partners, suppliers, customers and
potential customers react if your
business received adverse publicity
because you were unprepared for an
incident?
10
Assess the risks…
There are three ways to work with the
information you have gathered to provide
an assessment of the risks.
 Ask 'what if?' questions.
 Ask what the worst-case scenario is.
 Ask what functions and people are
essential, and when.
11
Develop Your Strategy…
Whatever type of organization you are, you will
probably choose one of the following strategies:
•
•
•
•
•
Accept the risks – do/change nothing.
Accept the risks, but make a mutual
arrangement with another business or a
business continuity partner to ensure that you
have help after an incident.
Attempt to reduce the risks.
Attempt to reduce the risks and make
arrangements for help after an incident.
Reduce all risks to the point where you
should not need outside help.
12
Develop Your Strategy…
Your attitude to risk will be partly based on
the costs of delivering effective business
continuity. When working these out,
remember to include both money and
people's time.
13
Develop Your Plan…
Once your strategy has been decided upon, the plan can be put
in place. Business continuity management plans will look different
for different organizations. However, most good continuity plans
share some important features:
•
•
•
•
•
•
Make it clear who needs to do what, and who takes
responsibility for what.
You should always include backups to cover key roles.
Use check lists that people can easily follow.
Include clear instructions for the crucial first hours after an
incident.
Include a list of things that can be thought about after the
first hours.
A plan of how often, when and how you will review your
plan to make sure it is always a 'living document'.
14
Develop Your Plan…
A good plan will be simple without being
simplistic. You will never be able to plan in
detail for every possible event.
Remember that people need to be able to
react quickly in an emergency: stopping to
read lots of detail will make that more
difficult.
15
Exercise Your Plan…
• A Continuity Plan is a living document and
sometimes, you only discover any
weaknesses it has when you put it into
action.
• Exercises help you confirm that your plan
will be cohesive and robust if you ever
need it.
16
Exercise Your Plan…
Exercises are also good ways to train staff that have
business continuity responsibilities.
Possible ways to exercise the plan include:
• Paper-based exercises (table-top exercises)
• Telephone tree call outs
• Functional exercise
• Surprise exercises
You need to develop strategies that enable you to
check the entire plan with minimum cost and
disruption to day-to-day processes.
17
Continuity Planning
Remember:
•
People are your most important asset.
•
Murphy does EXIST!!!
•
The Boy Scouts
got it right… BE PREPARED…
•
It can’t hurt!
18
Download