Pandemic: Crisis or Opportunity? ISO 22301 best practice Implementation tips for your BCP
•
0 gefällt mir•52 views
![Alvin Integrated Services [AIS]](https://cdn.slidesharecdn.com/profile-photo-AlvinIntegratedServi-48x48.jpg?cb=1614595249)
Rinske Geerlings, Managing Director, Business As Usual, Sydney, Australia
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie Pandemic: Crisis or Opportunity? ISO 22301 best practice Implementation tips for your BCP
Ähnlich wie Pandemic: Crisis or Opportunity? ISO 22301 best practice Implementation tips for your BCP (20)
Mehr von Alvin Integrated Services [AIS]
Mehr von Alvin Integrated Services [AIS] (6)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Pandemic: Crisis or Opportunity? ISO 22301 best practice Implementation tips for your BCP
- 1. Contact us: info@alvinintegrated.com | +91 8802 505619, +91 8287509289 | www.alvinintegrated.com Platinum Sponsor OUR SPONSORS & PARTNERS Event Partner www.alvinintegrated.com Knowledge Partners 27th FEB 2021 (SATURDAY) 09:00 AM - 17:30 PM IST
- 2. Ms Rinske Geerlings MD, Founder and Principal Consultant/ Trainer @ Business As Usual (Sydney, Australia) Risk Consultant of the Year 2017 (RMIA) Outstanding Security Consultant of the Year 2019 (OSPAs Finalist) Pandemic: Crisis or Opportunity? ISO 22301 best practice implementation tips for your BCP
- 3. Kindly Note: Speaker will take your questions automatically. If you have any question, please comment that in chat box. Please keep your mic mute. 22/10/2020
- 4. Presenter background Rinske Geerlings, Founder & Principal Consultant, Business As Usual • 20+ years of management consultancy experience globally • Business As Usual (since 2006): Concultancy & training to 14 Central Banks and 100s of other Government/SME/Corporate organisations across Australia, Asia, Africa, Europe and Latin-America • Accredited in Business Continuity (BCM), IT Management, Information Security and Risk Management (trained 1000s of professionals) • Specific regulatory experience • Risk Consultant of the Year 2017 - RMIA (Australasia) • Outstanding Security Consultant of the Year 2019 Finalist - OSPAs • Australian Business Woman of the Year 2010-13 - BPW (global NGO) • Alumnus of the Year 2013 – TU Delft
- 5. Business Continuity and COVID-19 ‘The good, the bad and the ugly’ • Not everyone had a pandemic plan, and even less had actually tested it • Little consistency in responses and primarily ad-hoc forms of recovery • Lack of available (and properly validated) tools for staff to work ‘en masse’ from home (incl hardware, software, connectivity) • Communication and management styles not always appropriate for the new ways of work • Apathy... And laziness! • ‘Single Points of Failure’ (SPoF) • Renewed focus on what staff actually love to be/do/have • Financial damages... But also upsides
- 6. External vs internal crisis (or opportunity?)
- 7. External vs internal crisis (or opportunity?)
- 8. External vs internal crisis (or opportunity?)
- 9. External vs internal crisis (or opportunity?)
- 12. Covid review/brainstorm session During an incident (i.e. Emergency Management / Crisis Management / Business Continuity / Recovery related) Business as usual (i.e. current/future ongoing business operations related) Internal (staff/internal process related) Positives/strengths Positives/strengths People/role/skill related: … … People/role/skill related: … … Planning/process related: … … Planning/process related: … … Technology/tools related: … … Technology/tools related: … … Challenges/improvement ideas Challenges/improvement ideas People/role/skill related: ... … People/role/skill related: … … Planning/process related: … … Planning/process related: … … Technology/tools related: … … Technology/tools related: … …
- 13. During an incident (i.e. Emergency Management / Crisis Management / Business Continuity / Recovery related) Business as usual (i.e. current/future ongoing business operations related) External (client related) Positives strengths / Positives/strengths People/role/skill related: ... … People/role/skill related: ... … Planning/process related: … … Planning/process related: … … Technology/tools related: … … Technology/tools related: … … Challenges/improvement ideas Challenges/improvement ideas People/role/skill related: ... … People/role/skill related: ... … Planning/process related: … … Planning/process related: … … Technology/tools related: … … Technology/tools related: … … Covid review/brainstorm session
- 14. Success story: External opportunities
- 15. Success story: External opportunities
- 16. Success story: External opportunities
- 17. Success story: External opportunities
- 18. Success story: External opportunities
- 22. … plus a LOT of humour! “At the end of COVID, you are required to wear your mask for 2 weeks in this way, so that your ears can get back to their normal position.”
- 23. Common BCP pitfalls • The BCP is too long, or too short, or it resembles ‘Swiss cheese’ • Documents are inconsistent and it’s unclear how they all ‘hang together’ • The right versions are unfindable and the plan is not retrievable when the IT systems are down/unreachable • The plan doesn’t have clear, easy-to-perform steps and/or no clear role/ask discription • The BCP was built with a free template ‘off the Internet’ - and is as such not ‘fit for purpose’ • There is no pre-agreed list of BCP team members, nor any ‘additionals’ and their contact details (and team members not knowing their name is on a list of critical staff) • No proper tests/rehearsals, nor any (induction) training on the BCP is taking place • The IT Disaster Recovery Plan has not been validated end-to-end (rather just only piece-meal style) • Recovery Time Objectives (RTOs) are determined per application, but go ‘out the window’ if multiple applications are down at the same time • No centralised notification process, nor a suitable tool that has acknowledgement of message receipt and that works with multiple platforms (e.g. 4G/5G, email etc) • Overall ignorance about the importance of future BCP activities (“We did pretty well through COVID, right?”) All in all, staff are not actually ‘incident ready’
- 24. 1. BC Facilitator team (i.e. not just 1 BCP manager) 2. Dynamic, browser-based BCM framework > prevent ‘collecting dust on the shelf’ (e.g. on secure network location / Sharepoint). Colourful, matrix style documentation. Hyperlink/utilise what is already there in your organisation. 3. Multi-disciplinary team structure across disaster ‘stages’ (to cater for fatigue and enable feasible exercise scope) 4. Consequence-based planning (i.e. not cause-based) 5. Toolkit approach to BCP activation (‘80/20 rule’ – KISS) 6. ‘Top down’ approach based on time-critical processes 7. Strong focus on communication/notification planning (including acknowledgement, pull communication etc) 8. Prioritise (be selective in order to achieve a few processes to work end-to-end ) 9. Develop, agree, document and validate any initial/manual workarounds 10.Training, awareness, rehearsing, exercising... To the point of boredom! Best practice BCP: How really make ISO 22301 work for you?
- 25. Stay in touch LinkedIn: Rinske Geerlings www.businessasusual.com.au rinskeg@businessasusual.com.au www.linkedin.com/in/businessasusual www.linkedin.com/company/ businessasusual
- 27. Please give your feedback in the chat box about the webinar.