SlideShare ist ein Scribd-Unternehmen logo

Not Quite 20 Questions

Als PPS, PDF herunterladen
J
John Glenn

This document is a 20 question quiz about business continuity. It covers topics such as who needs business continuity plans, the differences between business continuity and disaster recovery, what business continuity plans include, who should be involved in creating plans, and how often plans should be reviewed and tested. The overall message is that business continuity planning is important for all organizations to ensure they can continue operating and serve their stakeholders in the event of a disruption. It should involve people from across the entire organization and address risks to internal operations as well as external dependencies like clients and vendors.

1 von 36
Not quite 20 questions a business continuity quiz
Q1: Business Continuity plans are needed for …  Charities  Commercial and industrial organizations  Government agencies  Non-Governmental Organizations (NGOs)  Non-profit organizations  Organizations which depend on IT services  All of the above  None of the above
A1: Business Continuity plans are needed for …  All of the above Everyone needs a plan. The courts (notes) ruled that vendors must protect their clients and meet product and Service Level agreements. In the financial industry, OTS says that vendor clients are responsible to assure the vendor can meet the contract's requirements. Commercial and industrial organizations need Business Continuity to protect the bottom line. Government agencies, NGOs, charities, and non-profits all need Business Continuity to assure they meet their mandates and, in the case of non-profits and charities, to assure continued donor support. CSO Flashpoint article by Wm. Cook, http://www.csoonline.com/read/050104/flashpoint.html Business Week article: http://www.businessweek.com/magazine/content/05_30/b3944042_mz011.htm
Q2: Business Continuity is a new name for Disaster Recovery  Yes  No
A2: Business Continuity is a new name for Disaster Recovery  No Disaster recovery is an integral part of Business Continuity, but Business Continuity is much more than disaster recovery.
Q3: Business Continuity is …  Proactive  Reactive
A3: Business Continuity is …
Q4: Business Continuity is concerned with …  Risks to Business Unit resources  Risks to Business Units  Risks to clients  Risks to critical vendors  Risks to IT  All of the above  None of the above
A4: Business Continuity is concerned with …  All of the above Business Continuity is an all-inclusive process. Plans should consider risks to clients (income) and vendors (critical supplies) as well as internal risks.
Q5: Business Continuity plans are developed …  At the function level  At the process level
A5: Business Continuity plans are developed …  At the process level Business Continuity is a process-level exercise; indeed, it is called "process re-engineering" by some. Plans created at the function, or 20,000-foot level, cannot be expected to identify risks to processes.
Q6: Business Continuity needs support from …  C*O-level executives  VP-level managers  Staff/Line managers  Unit personnel  Interns, new hires  All of the above  None of the above
A6: Business Continuity needs support from …  All of the above A successful Business Continuity plan is the result of input from everyone in the organization. Each person has his or her own perspective; each person has his or her own concerns. Working together, most risks will be identified early in the plan's development. Senior managers must enthusiastically support the plan so that others understand Business Continuity is not just an additional burden on their time.
Q7: Business Continuity plans include …  Communications  Crisis Management  Maintenance procedures and schedule  Personnel Awareness and Safety  Response plan to continue at least a "minimum level of service“  Response plan to restore to "business as usual“  Risk Assessment  Risk Avoidance and Mitigation  Succession planning  Training exercise methodology  All of the above  None of the above
A7: Business Continuity plans include …  All of the above Business Continuity is all that, and more. Policies and Procedures, for example, are a key component of a complete Business Continuity plan and need to be considered at management level.
Q8: Business Continuity response plans need …  One responder assigned for every response function  Two responders assigned for every response function  No specific responder assigned to specific response functions
A8: Business Continuity response plans need …  Two responders assigned for every response function Primary and alternate responders are required for every response function to assure that the function is staffed even if one responder is absent - illness, vacation, training, temporary assignment elsewhere; any number of reasons.
Q9: Business Continuity plans include personnel from …  Area lodges, auditoriums  Profit center staff  Electrical service providers  Receptionist  Facilities  Senior management  Finance/Accounting  Staff and line management  HR  Telephone service providers  Insurance company  All of the above  IT/MIS  None of the above  Junior management  Lenders, financial backers  Local Emergency Management  Municipal agencies  Mail room
A9: Business Continuity plans include personnel from …  All of the above You cannot create a plan in a vacuum. No one is a Subject Matter Expert (SME) in every field; bring in the SMEs wherever they are found. Lenders to protect their investment may be offer advice to maintain a cash flow. Insurers, to cut losses, have Risk Specialists to help clients. Emergency Management can provide security and fire safety training; local government has topological maps showing flood and other risk areas. Area lodges and auditoriums house the organization if something; they are more easily cabled for telephones and computers than rented offices.
Q10: Create Business Continuity plans because …  Having a plan is a good marketing tool  Insurance companies may give discounts to organizations with plans  Lenders want to protect their investment(s)  Management can be sued for lack of "due diligence“  Regulatory bodies require them  Some clients require proof of plan  All of the above  None of the above
A10: Create Business Continuity plans because …  All of the above More and more organizations include in their literature and on their Web sites information about their Business Continuity plan. Some insurance companies may give discounts to clients with viable Business Continuity plans; financial backers normally are willing to risk a little more on organizations which have both a solid business plan and a viable Business Continuity plan. Financial, medical, and several other businesses are required by law to have plans. Even U.S. Federal agencies must have plans called Continuation Of OPeration plans, or COOP.
Q11: Business Continuity planners must be experts in …  Accounting and Finance  Production lines  Business Continuity  Shipping and Receiving  Call center operation  Telecommunications  Database software  All of the above  Email  None of the above  HR  IT/MIS  Microsoft products  Operating systems  Order Entry
Q11: Business Continuity planners must be experts in …  Business Continuity No one should expect a Business Continuity planner to be an HR expert; why then is the planner supposed to be an IT/MIS expert? Business Continuity planners need to be Business Continuity experts; people with the ability to ferret out risks by carefully listening to each function unit and executive level expert.
Q12: Business Continuity plans should be reviewed …  Depends on the organization's dynamics  Never  Once-a-year  Quarterly  Twice-a-year When the organization's Business Plan is reviewed  Whenever a "trigger event" occurs
A12: Business Continuity plans should be reviewed …  Depends on the organization's dynamics  When the organization's Business Plan is reviewed  Whenever a "trigger event" occurs Business Continuity plans are reviewed when the organization's business plan is changed; the Business Continuity plan's response efforts are closely tied to the business plan. Business Continuity plans must be reviewed whenever a trigger event occurs; such events include changes to personnel, place (location), policies, politics (regulations, codes - even municipal), procedures, processes (including tools to perform the process), products, providers (a/k/a vendors), provisions (cafeteria, "junk food" machines), and purchasers (major clients - new/loss of business).
Q13: Business Continuity plans should be exercised …  Continually (on-going exercises at various levels)  Never  Once-a-year  Twice-a-year  Whenever the plan changes
A13: Business Continuity plans should be exercised …  Continually  Whenever the plan changes Business Continuity response plan exercises must be on-going. They serve two primary purposes. First, they uncover plan deficiencies. No plan is perfect the first time out, and all plans must change as the organization changes. Second, and perhaps more importantly, exercises help develop responder confidence. Typically exercises start off with "desktop walk-throughs" and work up to "throw-the-switch" or nearly that level. ("Throwing the switch" is both dangerous and expensive, but in some organizations, it is a requirement.)
Q14: Business Continuity plans should be created for …  The enterprise  Each individual functional (business and support) unit  Both of the above  Neither of the above
A14: Business Continuity plans should be created for …  Both of the above Each functional unit should have a stand-alone plan, with its individual declaration and stand-down criteria. As long as an event is isolated to one functional unit, only that unit declares a disaster condition. If the condition will impact other functional units, then the event is elevated to the next higher plan level until the enterprise level is reached.
Q15: Business Continuity plans should be created by …  Anyone assigned the planning task  Board members  Chief Executive officers  Functional unit managers  Functional unit managers and staff  The Business Continuity planner  All of the above  None of the above
A15: Business Continuity plans should be created by …  Functional unit managers and staff The people who know the functional unit best should create the plan for the functional unit. At the enterprise level, C*Os are involved as SMEs. The Business Continuity planner mentors and guides the SMEs as needed.
Q16: The Business Continuity planner's primary function(s) is/are …  Coordinate plans between functional units  Create an integrated enterprise plan  Mentor functional unit planners  All of the above  None of the above
Q16: The Business Continuity planner's primary function(s) is/are …  All of the above The planner assures that each functional unit plan will work with other functional unit and enterprise plans and that all inter- unit risks are recognized and that appropriate avoidance or mitigation measures recommended. The planner, with executive level SME support, is responsible for the enterprise plan.
Q17: An organization's most important resource is …  Accounting department  Payroll department  Benefits department  People (staff, clients, visitors)  Business Continuity department  PR/Corporate Communications  Call center  Production department  Facility  Security department  Finance department  Senior management  Gym  Shipping & Receiving department  HR/Personnel department  Telecommunications department  IT/MIS department  Training department  Legal department  All of the above  Lunchroom  None of the above  Mail room  Marketing  Order entry
A17: An organization's most important resource is …  People (staff, clients, visitors) The most critical resource in every organization is its people. It was a "trick" question in that everything included in the organization is important; however, people are the critical resource. Servers can serve up data without constant attention, but when they malfunction, they don't fix themselves. Facilities can be replaced, as can data and telecommunications centers and infrastructure. Some people can be replaced, but skilled personnel can be hard to find and expensive to replace. (Think about recruiting and training costs and the loss or production until the replacements are "up to speed.") Hardware, software, buildings - all can be replaced with relative ease. Not so with people. If you have to select one thing from the list - and that was the question, "most critical resource" - the only answer is people. Everything else is just "important."
About the author John Glenn is a certified (MBCI) and experienced (13 + years) business continuity & enterprise threat management practitioner Glenn can be contacted at JohnGlennMBCI@gmail.com 727-542-7843 © 2009, John Glenn, MBCI

Empfohlen

business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929Andy Willams
 
BCMS Presentation1
BCMS Presentation1BCMS Presentation1
BCMS Presentation1barbytee
 
Building a Business Continuity Capability
Building a Business Continuity CapabilityBuilding a Business Continuity Capability
Building a Business Continuity CapabilityRod Davis
 
ISO 22301 Business Continuity Management
ISO 22301 Business Continuity ManagementISO 22301 Business Continuity Management
ISO 22301 Business Continuity ManagementRamiro Cid
 
Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301IT Governance Ltd
 
BCP Awareness
BCP Awareness BCP Awareness
BCP Awareness Imad Almurib
 
Business Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesSlideTeam
 
Bcp
BcpBcp
Bcpmadunix
 

Empfohlen

business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929Andy Willams
 
BCMS Presentation1
BCMS Presentation1BCMS Presentation1
BCMS Presentation1barbytee
 
Building a Business Continuity Capability
Building a Business Continuity CapabilityBuilding a Business Continuity Capability
Building a Business Continuity CapabilityRod Davis
 
ISO 22301 Business Continuity Management
ISO 22301 Business Continuity ManagementISO 22301 Business Continuity Management
ISO 22301 Business Continuity ManagementRamiro Cid
 
Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301IT Governance Ltd
 
BCP Awareness
BCP Awareness BCP Awareness
BCP Awareness Imad Almurib
 
Business Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesSlideTeam
 
Bcp
BcpBcp
Bcpmadunix
 
Business continuity management system
Business continuity management systemBusiness continuity management system
Business continuity management systemsubbusai82
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planninggcleary
 
BUSINESS CONTINUITY MANAGEMENT system
BUSINESS CONTINUITY MANAGEMENT systemBUSINESS CONTINUITY MANAGEMENT system
BUSINESS CONTINUITY MANAGEMENT systemKuroba Kaitou
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAnand Subramaniam
 
Business Continuity Planning Presentation Overview
Business Continuity Planning Presentation OverviewBusiness Continuity Planning Presentation Overview
Business Continuity Planning Presentation OverviewBob Winkler
 
Key Metrics for Disaster Recovery and Business Continuity
Key Metrics for Disaster Recovery and Business ContinuityKey Metrics for Disaster Recovery and Business Continuity
Key Metrics for Disaster Recovery and Business ContinuityAxcient
 
Risk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and ManagementRisk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and ManagementCody Shive
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcpAdv Prashant Mali
 
Bcp drp
Bcp drpBcp drp
Bcp drpaqel aqel
 
Implementing a Business Continuity Management System in Telecoms
Implementing a Business Continuity Management System in TelecomsImplementing a Business Continuity Management System in Telecoms
Implementing a Business Continuity Management System in TelecomsGlobal Risk Forum GRFDavos
 
IT Disaster Recovery Readiness
IT Disaster Recovery ReadinessIT Disaster Recovery Readiness
IT Disaster Recovery ReadinessBashar Alkhatib
 
Business continuity management www.reconglobal.in
Business continuity management www.reconglobal.inBusiness continuity management www.reconglobal.in
Business continuity management www.reconglobal.inSatya Yadav
 
IT-Centric Disaster Recovery & Business Continuity
IT-Centric Disaster Recovery & Business ContinuityIT-Centric Disaster Recovery & Business Continuity
IT-Centric Disaster Recovery & Business ContinuitySteve Susina
 
Bcm Roadmap
Bcm RoadmapBcm Roadmap
Bcm Roadmapbtrmuray
 
ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeMissionMode
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Awareness iso 22301 danang suryo
Awareness iso 22301 danang suryoAwareness iso 22301 danang suryo
Awareness iso 22301 danang suryoDanang suryo Wardhono
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningDipankar Ghosh
 
Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour... Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour...Mart Rovers
 
Business continuity planning
Business continuity planningBusiness continuity planning
Business continuity planningSandeep Kashyap
 
Planning For Long-Term Success Of A Business
Planning For Long-Term Success Of A BusinessPlanning For Long-Term Success Of A Business
Planning For Long-Term Success Of A BusinessLiz Sims
 
Business continuity in general
Business continuity in generalBusiness continuity in general
Business continuity in generalJohn Johari
 

Weitere ähnliche Inhalte

Was ist angesagt?

Business continuity management system
Business continuity management systemBusiness continuity management system
Business continuity management systemsubbusai82
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planninggcleary
 
BUSINESS CONTINUITY MANAGEMENT system
BUSINESS CONTINUITY MANAGEMENT systemBUSINESS CONTINUITY MANAGEMENT system
BUSINESS CONTINUITY MANAGEMENT systemKuroba Kaitou
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAnand Subramaniam
 
Business Continuity Planning Presentation Overview
Business Continuity Planning Presentation OverviewBusiness Continuity Planning Presentation Overview
Business Continuity Planning Presentation OverviewBob Winkler
 
Key Metrics for Disaster Recovery and Business Continuity
Key Metrics for Disaster Recovery and Business ContinuityKey Metrics for Disaster Recovery and Business Continuity
Key Metrics for Disaster Recovery and Business ContinuityAxcient
 
Risk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and ManagementRisk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and ManagementCody Shive
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcpAdv Prashant Mali
 
Implementing a Business Continuity Management System in Telecoms
Implementing a Business Continuity Management System in TelecomsImplementing a Business Continuity Management System in Telecoms
Implementing a Business Continuity Management System in TelecomsGlobal Risk Forum GRFDavos
 
IT Disaster Recovery Readiness
IT Disaster Recovery ReadinessIT Disaster Recovery Readiness
IT Disaster Recovery ReadinessBashar Alkhatib
 
Business continuity management www.reconglobal.in
Business continuity management www.reconglobal.inBusiness continuity management www.reconglobal.in
Business continuity management www.reconglobal.inSatya Yadav
 
IT-Centric Disaster Recovery & Business Continuity
IT-Centric Disaster Recovery & Business ContinuityIT-Centric Disaster Recovery & Business Continuity
IT-Centric Disaster Recovery & Business ContinuitySteve Susina
 
Bcm Roadmap
Bcm RoadmapBcm Roadmap
Bcm Roadmapbtrmuray
 
ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeMissionMode
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningDipankar Ghosh
 
Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour... Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour...Mart Rovers
 
Business continuity planning
Business continuity planningBusiness continuity planning
Business continuity planningSandeep Kashyap
 

Was ist angesagt? (20)

Business continuity management system
Business continuity management systemBusiness continuity management system
Business continuity management system
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
BUSINESS CONTINUITY MANAGEMENT system
BUSINESS CONTINUITY MANAGEMENT systemBUSINESS CONTINUITY MANAGEMENT system
BUSINESS CONTINUITY MANAGEMENT system
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management Process
 
Business Continuity Planning Presentation Overview
Business Continuity Planning Presentation OverviewBusiness Continuity Planning Presentation Overview
Business Continuity Planning Presentation Overview
 
Key Metrics for Disaster Recovery and Business Continuity
Key Metrics for Disaster Recovery and Business ContinuityKey Metrics for Disaster Recovery and Business Continuity
Key Metrics for Disaster Recovery and Business Continuity
 
Risk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and ManagementRisk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and Management
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcp
 
Bcp drp
Bcp drpBcp drp
Bcp drp
 
Implementing a Business Continuity Management System in Telecoms
Implementing a Business Continuity Management System in TelecomsImplementing a Business Continuity Management System in Telecoms
Implementing a Business Continuity Management System in Telecoms
 
IT Disaster Recovery Readiness
IT Disaster Recovery ReadinessIT Disaster Recovery Readiness
IT Disaster Recovery Readiness
 
Business continuity management www.reconglobal.in
Business continuity management www.reconglobal.inBusiness continuity management www.reconglobal.in
Business continuity management www.reconglobal.in
 
IT-Centric Disaster Recovery & Business Continuity
IT-Centric Disaster Recovery & Business ContinuityIT-Centric Disaster Recovery & Business Continuity
IT-Centric Disaster Recovery & Business Continuity
 
Bcm Roadmap
Bcm RoadmapBcm Roadmap
Bcm Roadmap
 
ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best Practice
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management Solution
 
Awareness iso 22301 danang suryo
Awareness iso 22301 danang suryoAwareness iso 22301 danang suryo
Awareness iso 22301 danang suryo
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour... Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour...
 
Business continuity planning
Business continuity planningBusiness continuity planning
Business continuity planning
 

Ähnlich wie Not Quite 20 Questions

Planning For Long-Term Success Of A Business
Planning For Long-Term Success Of A BusinessPlanning For Long-Term Success Of A Business
Planning For Long-Term Success Of A BusinessLiz Sims
 
Business continuity in general
Business continuity in generalBusiness continuity in general
Business continuity in generalJohn Johari
 
Business continuity in small business 1
Business continuity in small business 1Business continuity in small business 1
Business continuity in small business 1John Johari
 
Business Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paperBusiness Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paperGreg Cybulski, CBCP, ARM
 
A laypersons guide to business continuity management richard (2)
A laypersons guide to business continuity management richard (2)A laypersons guide to business continuity management richard (2)
A laypersons guide to business continuity management richard (2)leemond25
 
2.0 The Course Forward
2.0 The Course Forward2.0 The Course Forward
2.0 The Course ForwardGrowthWorx
 
Innovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfInnovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfAbdulbasit Almauly
 
SMU Solved Assignment MB0052
SMU Solved Assignment MB0052SMU Solved Assignment MB0052
SMU Solved Assignment MB0052Revlon
 
Business Continuity Plan
Business Continuity PlanBusiness Continuity Plan
Business Continuity PlanBizPlanss
 
Integrating Resiliency As A Strategic Priority
Integrating Resiliency As A Strategic PriorityIntegrating Resiliency As A Strategic Priority
Integrating Resiliency As A Strategic PriorityGeoff Rodrigues
 
Integrating Resiliency As A Strategic Priority
Integrating Resiliency As A Strategic PriorityIntegrating Resiliency As A Strategic Priority
Integrating Resiliency As A Strategic PriorityGeoff Rodrigues
 
Explaining finance to my grandchildren
Explaining finance to my grandchildrenExplaining finance to my grandchildren
Explaining finance to my grandchildrenChristian FOURNIER
 
Introduction to controlling
Introduction to controllingIntroduction to controlling
Introduction to controllingAhmed Adel
 
A Proactive Approach to Business Continuity
A Proactive Approach to Business ContinuityA Proactive Approach to Business Continuity
A Proactive Approach to Business ContinuityDiana DePaola
 
Promotion_of_Business_Continuity_Management_-_Plan_Guide_and_template.pdf
Promotion_of_Business_Continuity_Management_-_Plan_Guide_and_template.pdfPromotion_of_Business_Continuity_Management_-_Plan_Guide_and_template.pdf
Promotion_of_Business_Continuity_Management_-_Plan_Guide_and_template.pdfCPittman3
 

Ähnlich wie Not Quite 20 Questions (20)

Planning For Long-Term Success Of A Business
Planning For Long-Term Success Of A BusinessPlanning For Long-Term Success Of A Business
Planning For Long-Term Success Of A Business
 
Business continuity in general
Business continuity in generalBusiness continuity in general
Business continuity in general
 
Business continuity in small business 1
Business continuity in small business 1Business continuity in small business 1
Business continuity in small business 1
 
Business Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paperBusiness Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paper
 
A laypersons guide to business continuity management richard (2)
A laypersons guide to business continuity management richard (2)A laypersons guide to business continuity management richard (2)
A laypersons guide to business continuity management richard (2)
 
110430 bcm presentation v0.1 mj
110430 bcm presentation v0.1 mj110430 bcm presentation v0.1 mj
110430 bcm presentation v0.1 mj
 
2.0 The Course Forward
2.0 The Course Forward2.0 The Course Forward
2.0 The Course Forward
 
Innovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfInnovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdf
 
SMU Solved Assignment MB0052
SMU Solved Assignment MB0052SMU Solved Assignment MB0052
SMU Solved Assignment MB0052
 
Business Continuity Plan
Business Continuity PlanBusiness Continuity Plan
Business Continuity Plan
 
Chris Gould - BCM case
Chris Gould - BCM caseChris Gould - BCM case
Chris Gould - BCM case
 
Integrating Resiliency As A Strategic Priority
Integrating Resiliency As A Strategic PriorityIntegrating Resiliency As A Strategic Priority
Integrating Resiliency As A Strategic Priority
 
Integrating Resiliency As A Strategic Priority
Integrating Resiliency As A Strategic PriorityIntegrating Resiliency As A Strategic Priority
Integrating Resiliency As A Strategic Priority
 
Pereira diamond benefits management model - Q&A
Pereira diamond benefits management model - Q&APereira diamond benefits management model - Q&A
Pereira diamond benefits management model - Q&A
 
Business
BusinessBusiness
Business
 
Cii Sme
Cii SmeCii Sme
Cii Sme
 
Explaining finance to my grandchildren
Explaining finance to my grandchildrenExplaining finance to my grandchildren
Explaining finance to my grandchildren
 
Introduction to controlling
Introduction to controllingIntroduction to controlling
Introduction to controlling
 
A Proactive Approach to Business Continuity
A Proactive Approach to Business ContinuityA Proactive Approach to Business Continuity
A Proactive Approach to Business Continuity
 
Promotion_of_Business_Continuity_Management_-_Plan_Guide_and_template.pdf
Promotion_of_Business_Continuity_Management_-_Plan_Guide_and_template.pdfPromotion_of_Business_Continuity_Management_-_Plan_Guide_and_template.pdf
Promotion_of_Business_Continuity_Management_-_Plan_Guide_and_template.pdf
 

Not Quite 20 Questions

  • 1. Not quite 20 questions a business continuity quiz
  • 2. Q1: Business Continuity plans are needed for …  Charities  Commercial and industrial organizations  Government agencies  Non-Governmental Organizations (NGOs)  Non-profit organizations  Organizations which depend on IT services  All of the above  None of the above
  • 3. A1: Business Continuity plans are needed for …  All of the above Everyone needs a plan. The courts (notes) ruled that vendors must protect their clients and meet product and Service Level agreements. In the financial industry, OTS says that vendor clients are responsible to assure the vendor can meet the contract's requirements. Commercial and industrial organizations need Business Continuity to protect the bottom line. Government agencies, NGOs, charities, and non-profits all need Business Continuity to assure they meet their mandates and, in the case of non-profits and charities, to assure continued donor support. CSO Flashpoint article by Wm. Cook, http://www.csoonline.com/read/050104/flashpoint.html Business Week article: http://www.businessweek.com/magazine/content/05_30/b3944042_mz011.htm
  • 4. Q2: Business Continuity is a new name for Disaster Recovery  Yes  No
  • 5. A2: Business Continuity is a new name for Disaster Recovery  No Disaster recovery is an integral part of Business Continuity, but Business Continuity is much more than disaster recovery.
  • 6. Q3: Business Continuity is …  Proactive  Reactive
  • 8. Q4: Business Continuity is concerned with …  Risks to Business Unit resources  Risks to Business Units  Risks to clients  Risks to critical vendors  Risks to IT  All of the above  None of the above
  • 9. A4: Business Continuity is concerned with …  All of the above Business Continuity is an all-inclusive process. Plans should consider risks to clients (income) and vendors (critical supplies) as well as internal risks.
  • 10. Q5: Business Continuity plans are developed …  At the function level  At the process level
  • 11. A5: Business Continuity plans are developed …  At the process level Business Continuity is a process-level exercise; indeed, it is called "process re-engineering" by some. Plans created at the function, or 20,000-foot level, cannot be expected to identify risks to processes.
  • 12. Q6: Business Continuity needs support from …  C*O-level executives  VP-level managers  Staff/Line managers  Unit personnel  Interns, new hires  All of the above  None of the above
  • 13. A6: Business Continuity needs support from …  All of the above A successful Business Continuity plan is the result of input from everyone in the organization. Each person has his or her own perspective; each person has his or her own concerns. Working together, most risks will be identified early in the plan's development. Senior managers must enthusiastically support the plan so that others understand Business Continuity is not just an additional burden on their time.
  • 14. Q7: Business Continuity plans include …  Communications  Crisis Management  Maintenance procedures and schedule  Personnel Awareness and Safety  Response plan to continue at least a "minimum level of service“  Response plan to restore to "business as usual“  Risk Assessment  Risk Avoidance and Mitigation  Succession planning  Training exercise methodology  All of the above  None of the above
  • 15. A7: Business Continuity plans include …  All of the above Business Continuity is all that, and more. Policies and Procedures, for example, are a key component of a complete Business Continuity plan and need to be considered at management level.
  • 16. Q8: Business Continuity response plans need …  One responder assigned for every response function  Two responders assigned for every response function  No specific responder assigned to specific response functions
  • 17. A8: Business Continuity response plans need …  Two responders assigned for every response function Primary and alternate responders are required for every response function to assure that the function is staffed even if one responder is absent - illness, vacation, training, temporary assignment elsewhere; any number of reasons.
  • 18. Q9: Business Continuity plans include personnel from …  Area lodges, auditoriums  Profit center staff  Electrical service providers  Receptionist  Facilities  Senior management  Finance/Accounting  Staff and line management  HR  Telephone service providers  Insurance company  All of the above  IT/MIS  None of the above  Junior management  Lenders, financial backers  Local Emergency Management  Municipal agencies  Mail room
  • 19. A9: Business Continuity plans include personnel from …  All of the above You cannot create a plan in a vacuum. No one is a Subject Matter Expert (SME) in every field; bring in the SMEs wherever they are found. Lenders to protect their investment may be offer advice to maintain a cash flow. Insurers, to cut losses, have Risk Specialists to help clients. Emergency Management can provide security and fire safety training; local government has topological maps showing flood and other risk areas. Area lodges and auditoriums house the organization if something; they are more easily cabled for telephones and computers than rented offices.
  • 20. Q10: Create Business Continuity plans because …  Having a plan is a good marketing tool  Insurance companies may give discounts to organizations with plans  Lenders want to protect their investment(s)  Management can be sued for lack of "due diligence“  Regulatory bodies require them  Some clients require proof of plan  All of the above  None of the above
  • 21. A10: Create Business Continuity plans because …  All of the above More and more organizations include in their literature and on their Web sites information about their Business Continuity plan. Some insurance companies may give discounts to clients with viable Business Continuity plans; financial backers normally are willing to risk a little more on organizations which have both a solid business plan and a viable Business Continuity plan. Financial, medical, and several other businesses are required by law to have plans. Even U.S. Federal agencies must have plans called Continuation Of OPeration plans, or COOP.
  • 22. Q11: Business Continuity planners must be experts in …  Accounting and Finance  Production lines  Business Continuity  Shipping and Receiving  Call center operation  Telecommunications  Database software  All of the above  Email  None of the above  HR  IT/MIS  Microsoft products  Operating systems  Order Entry
  • 23. Q11: Business Continuity planners must be experts in …  Business Continuity No one should expect a Business Continuity planner to be an HR expert; why then is the planner supposed to be an IT/MIS expert? Business Continuity planners need to be Business Continuity experts; people with the ability to ferret out risks by carefully listening to each function unit and executive level expert.
  • 24. Q12: Business Continuity plans should be reviewed …  Depends on the organization's dynamics  Never  Once-a-year  Quarterly  Twice-a-year When the organization's Business Plan is reviewed  Whenever a "trigger event" occurs
  • 25. A12: Business Continuity plans should be reviewed …  Depends on the organization's dynamics  When the organization's Business Plan is reviewed  Whenever a "trigger event" occurs Business Continuity plans are reviewed when the organization's business plan is changed; the Business Continuity plan's response efforts are closely tied to the business plan. Business Continuity plans must be reviewed whenever a trigger event occurs; such events include changes to personnel, place (location), policies, politics (regulations, codes - even municipal), procedures, processes (including tools to perform the process), products, providers (a/k/a vendors), provisions (cafeteria, "junk food" machines), and purchasers (major clients - new/loss of business).
  • 26. Q13: Business Continuity plans should be exercised …  Continually (on-going exercises at various levels)  Never  Once-a-year  Twice-a-year  Whenever the plan changes
  • 27. A13: Business Continuity plans should be exercised …  Continually  Whenever the plan changes Business Continuity response plan exercises must be on-going. They serve two primary purposes. First, they uncover plan deficiencies. No plan is perfect the first time out, and all plans must change as the organization changes. Second, and perhaps more importantly, exercises help develop responder confidence. Typically exercises start off with "desktop walk-throughs" and work up to "throw-the-switch" or nearly that level. ("Throwing the switch" is both dangerous and expensive, but in some organizations, it is a requirement.)
  • 28. Q14: Business Continuity plans should be created for …  The enterprise  Each individual functional (business and support) unit  Both of the above  Neither of the above
  • 29. A14: Business Continuity plans should be created for …  Both of the above Each functional unit should have a stand-alone plan, with its individual declaration and stand-down criteria. As long as an event is isolated to one functional unit, only that unit declares a disaster condition. If the condition will impact other functional units, then the event is elevated to the next higher plan level until the enterprise level is reached.
  • 30. Q15: Business Continuity plans should be created by …  Anyone assigned the planning task  Board members  Chief Executive officers  Functional unit managers  Functional unit managers and staff  The Business Continuity planner  All of the above  None of the above
  • 31. A15: Business Continuity plans should be created by …  Functional unit managers and staff The people who know the functional unit best should create the plan for the functional unit. At the enterprise level, C*Os are involved as SMEs. The Business Continuity planner mentors and guides the SMEs as needed.
  • 32. Q16: The Business Continuity planner's primary function(s) is/are …  Coordinate plans between functional units  Create an integrated enterprise plan  Mentor functional unit planners  All of the above  None of the above
  • 33. Q16: The Business Continuity planner's primary function(s) is/are …  All of the above The planner assures that each functional unit plan will work with other functional unit and enterprise plans and that all inter- unit risks are recognized and that appropriate avoidance or mitigation measures recommended. The planner, with executive level SME support, is responsible for the enterprise plan.
  • 34. Q17: An organization's most important resource is …  Accounting department  Payroll department  Benefits department  People (staff, clients, visitors)  Business Continuity department  PR/Corporate Communications  Call center  Production department  Facility  Security department  Finance department  Senior management  Gym  Shipping & Receiving department  HR/Personnel department  Telecommunications department  IT/MIS department  Training department  Legal department  All of the above  Lunchroom  None of the above  Mail room  Marketing  Order entry
  • 35. A17: An organization's most important resource is …  People (staff, clients, visitors) The most critical resource in every organization is its people. It was a "trick" question in that everything included in the organization is important; however, people are the critical resource. Servers can serve up data without constant attention, but when they malfunction, they don't fix themselves. Facilities can be replaced, as can data and telecommunications centers and infrastructure. Some people can be replaced, but skilled personnel can be hard to find and expensive to replace. (Think about recruiting and training costs and the loss or production until the replacements are "up to speed.") Hardware, software, buildings - all can be replaced with relative ease. Not so with people. If you have to select one thing from the list - and that was the question, "most critical resource" - the only answer is people. Everything else is just "important."
  • 36. About the author John Glenn is a certified (MBCI) and experienced (13 + years) business continuity & enterprise threat management practitioner Glenn can be contacted at JohnGlennMBCI@gmail.com 727-542-7843 © 2009, John Glenn, MBCI