FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
BCM Presentation - Investment or Expense?
1. Business Continuity
Investment or expense?
Sidney R. Modenesi, MCBCC, MBCI
IV Seminário de GCN
Gestão da Continuidade de Negócios
Brasília – 25/06/13
1
This is a quick and straight translation of the original presentation, i.e., some translation errors may occur.
2. Agenda
Opening
What is Business Continuity
Some local significant regulations
Standards and Good Practice
Real experiences
Investment or expense
Adjourn
2
3. Presenter
Sidney R. Modenesi, MCBCC, MBCI,
BS 25999 Technical Expert;
BCI Area Representative for Brazil;
STROHL Brasil General manager since 2002;
Bachelor in Computer Sciences, IME/USP;
Master Degree in Entrepreneurship, FIA/FEA/USP;
Approved in the DRII certification exam in 2000;
Approved as MBCI by BCI in 2005;
BS 25999 Technical Expert by BSI in2011;
Contacts: sidneymd@thebci.com.br
sidney_modenesi@strohlbrasil.com.br
+55 11 5583-0033
3
4. Business Continuity Institute
Global leader institute in Business Continuity;
Mission: to promote the art and science of Business
Continuity worldwide;
With 10.000+ certified professionals in 100+
countries;
Supported the development and enhancement of
many Business Continuity standards as:
PAS 56, BS 25999, ISO 22301/22313, GPG 2013 ...
4
5. Assumptions
“If anything can go wrong, it
will.”
Murphy s Law
“And more, it will go wrong in
the worst manner, at the worst
moment and in a way it will
cause the worst possible
damage.”
Corollary
“Murphy was an optimist”.
Clark s Law
Noeh Arch
1st documented record of Business
Continuity in the Human Kind
history, although using an inside
information …
5
6. What is Business Continuity?
(according to ISO 22301/22313)
It is a holistic management process
that identifies potential threats to an
organization and the impacts to
business operations those threats, if
realized, might cause, and which
provides a framework for building
organizational resilience with the
capability of an effective response
that safeguards the interests of its
key stakeholders, reputation, brand
and value-creating activities.
6
8. What is Business Continuity?
(according to ISO 22301/22313)
Or simply: to restart in a
planned way services,
products and/or critical
business processes in a
alternate location, in a
priory defined time frame
and service level, before
the consequences and
impacts become
unacceptable.
8
9. Local significant regulations
3380 Regulation – BACEN (like FED)
Defines the implementation of the Operational Risk
management strucuture in accordance with the Basel II
agreement. Be in force since July 29th, 2006.
VI – existence of contingency plans containing
strategies to be adopted to assure continuity
conditions of core activities and to limit severe losses
due to operational risks.
9
10. Significant regulations
Business Resiliency and
Continuity
Principle 10: Banks should
have business resiliency and
continuity plans in place to
ensure an ability to operate on
an ongoing basis and limit
losses in the event of severe
business disruption.
The Committee’s paper, High-level principles
for business continuity, August 2006, discusses
sound continuity principles in greater detail.
10
11. Local significant regulations
SAC Law
(Customer Service Centers)
SUSEP – Circular # 285
(insurance market)
4. Operational Continuity
Plans:
4.1. to indicate a summary
plan of the operational
continuity in contingency or
emergency situations;
4.2. to present the results of
the last test of the
operational continuity test.
11
12. Standards and Good Practice in BCM
ISO 22301:2012 Good Practice Guidelines 2013
12
16. Real experiences
Fukushima, Japão - 2011
16
Due to the Fukushima earthquake and
tsunami some Brazilian car factories
had to close one of the production
shifts due to lack of core components.
BALANCE: Lost sales
22. Real experiences
The potential risks list is
endless:
Naturals:
Heavy rains,
earthquakes, vulcanos,
tornados ...
Humans, accidentals
or deliberates:
fire, explosion,
contamination ...
Technological:
Hacker, invasion, virus,
systemic failure...
22
23. Risk Appetite
For each non eliminated risk
An strategy developed, documented, tested and
updated will be needed
To restart in a planned way services, products
and/or critical business processes in a alternate
location, in a priory defined time frame and
service level, before the consequences and
impacts become unacceptable.
23
24. Implementation cycle
• To identify and mitigate risks.
• FOR EACH NON ELIMNATED RISK
• Recovery Strategies
• Developed, documented, tested and updated
• To planned restart services, products and/or business processes in an
alternate location
• PDCA - Plan, Do, Check and Act
24
25. Investments and expenses
The development and implementation of the
Recovery Strategies will require de:
• Initial (upfront) investments to adapt office space,
electrical power, network, PABX and phone lines,
desks, chairs, workstations ...
• Recurring expenses to maintain all this infra
structure and
• Eventual expenses with exercises, testes and
validation tests (DRP).
25
27. Investment or expense?
• Financially BCM has:
– Implementation investments CAPEX
– Recurring expenses OPEX
• In the Management or Risk Appetite point of
view BCM helps to increase the operational
resilience
– Increasing availability, productivity and time
redution of the interruptions Investment
–It is part of the business cost.
27
28. Return of investment
Plan
Do
Check
Act
Plan the recovery
strategy
Implement
the recovery
strategy
Exercise, test and
stress the recovery
strategy
Treat the Non
Conformities:
•Update the Recovery
Strategies and/or
•Update the BAU
daily processes.
Benefits: improve in the
quality, productivity and
availability of the critical
products, services and
business processes.
28
29. Adjourn
A well developed, implemented and maintained
Business Continuity Program will:
Increase the Risk Awareness;
Reduce the organization risks;
Reduce the interruption durations;
Bring ROI;
Increase the organization value, specially with
a BCMS certification.
29