BCM is a holistic management process
that identifies potential impacts that threaten an organisation
and provides a framework for building resilience with the capability for an effective response
that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.
BIA is a process designed to prioritize business functions by assessing the potential quantitative (financial) and qualitative (non-financial) impact that may result if an organization was to experience a disruption from a disaster event.
A simpler definition, BIA is a survey that shows how soon you need to have something and do something in order to not ruin your reputation, not lose a lot of money, and not go out of business.
2. We do 3 things : -
Advise
Deeply experienced team
Backed by Ovum in Africa – IT Finance strength
Business – IT Transformation Model
Innovate
Return on Business Agility
Rapid Innovation with Outsystems
Business Model Innovation – Saas-it.net
Change
Liberate legacy - Adaptivity
Business Process as a Service – Procurement, IT Finance, Portfolio
Governance as a Service
3. What is Buiness Continuity?
A holistic management process
that identifies potential impacts that
threaten an organisation
and provides a framework for building
resilience with the capability for an
effective response
that safeguards the interests of its key
stakeholders, reputation, brand and
value creating activities.
It’s a business problem, technology just makes it easier…
Source: The BCI Org
5. Governance & Risk Support To Board & CIO
How Deliverable
• Business Continuity Management • Integrate DRP with BCM
• Compliance with governance
• Business continuity plan and readiness
• Risk management • Risk assessment
• Risk mitigation plans
• Risk monitoring
• Governance review • IT governance plans and procedures aligned
with organisational governance
It must have executive participation and buy-in…
6. A holistic management process
Business Continuity life cycle that identifies potential impacts that threaten an
organisation
and provides a framework for building resilience
with the capability for an effective response
that safeguards the interests of its key
Understanding your stakeholders, reputation, brand and value
business creating activities.
- BIA
- Risk Assess & controls
Determining Continuity
Embed BCM Culture
Strategies
- Training & Awareness
- Resources
- Monitoring
- Posture
- Change Management
Programme Management - Options
Develop / Implement
Response
Exercise / Maintain /
Review - Incident & Continuity
Response Plans
- Test
- Business Unit Plan
- Improve
- resumption
It’s a business programme, not an IT project…
8. Co-development model
Communication
Message Level of Ownership
Approach
Tell You will! Very Low
Sell This will be really good! Low
Look what you’ll get out of
Buy Average
this
Consult What do you really need? High
What should we build
Co-Development Very High
together?
It needs participation and buy-in at all levels with a proper budget…
10. What is business impact analysis (BIA)?
BIA is a process designed to prioritize business functions by
assessing the potential quantitative (financial) and qualitative
(non-financial) impact that may result if an organization was to
experience a disruption from a disaster event.
A simpler definition, BIA is a survey that shows how soon you
need to have something and do something in order to not ruin
your reputation, not lose a lot of money, and not go out of
business.
11. Business Impact Analysis template
ID Business Process Dependency Failure Mode Impact Timeframe Comments
Primary Sub Enabling Enablers Hard- System Critical Location Financia Customer MAO Critical Recovery
Function Business Function (Applica- ware Unavail- Personnel Unavail- l Impact Services Min/hrs time Time
Process (depende tions) able Unavailable able R (Reputation frames Objective
Functions ncy) million ) (dates) (RTO)
1-5
Key:
MAO = Maximum Acceptable Outage
impact:
1 = lowest impact; 2 = lower impact;
3 = low impact; 4 = high impact
5 = highest impact
12. BIA considerations for your organisation / business unit
Understand your key risks per function…
13. Recoverability & Strategy
ID A. Existing Plans ID B. Manual Workarounds ID C. Backups ID D: Off site Storage
A1 Existing current plan – B1 Manual workaround – C1 Full backups – every D1 Backup tapes and
off-site solution already documented day, fully tested hardcopies removed
everyday off site
A2 Existing outdated plan – B2 Manual workaround – not C2 Full backups – D2 Backup tapes and
off site solution documented rotational – tested on hardcopies removed off
rotation site on a weekly basis
A3 Existing current plan – B3 Possible manual C3 Incremental backups D3 Backup tape removed of
on campus solution workaround – not yet only – fully tested site, no hardcopies
identified removed
A4 Existing outdated plan – B4 No possible manual C4 Incremental backups D4 No backups nor
on campus solution workaround with rotation – tested hardcopies removed off
on rotation site
ID Type ID Type ID Type ID Type ID Type ID Type
BCP1 Full BCP’s: BCP2 Full BCP’s BCP3 Contact List BCP4 Use BCP5 Manual BCP6 No Plan
Off site on Campus only Existing work-
(3rd Party) Off-site arounds
Facility