SlideShare ist ein Scribd-Unternehmen logo

A Business Case for Establishing BCP

Business Beam
Business Beam
BusinessTechnologie
1 von 30
Downloaden Sie, um offline zu lesen
www.businessbeam.com A business case for establishing Business Continuity Plan (BCP) Business Beam (Pvt.) Limited
Contents 2 What is Business Continuity?1 Business Benefits2 Implementation Roadmap3 Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
What is Business Continuity? A business case for establishing a Business Continuity Plan
9/11 for Pakistan 4 Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
Happened in Karachi (June 26, 09) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.5
Suicide Attack in Lahore (May 27, 09) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.6
Thanks to KESC Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.7
Berger Paints Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.8
Fire at Shahra-e-Faisal Building Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.9
The Reality of Business Continuity Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.10  43% of US companies never reopen after a disaster and 29% more close within 3 years.  20% of small to medium size businesses suffer a major disaster every 5 years.  78% of organizations which lacked contingency plans but suffered catastrophic loss were gone within 2 years…most had insurance, and many had business interruption coverage! (Sources: U.S. National Fire Protection Agency, U.S. Bureau of Labor, Richmond House Group and B2BContinuity.com)
11 IsThis An Effective Management Strategy In the Face of the KNOWN Risks! YES! NO! Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
Effects of Effective Business Continuity Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.12 The impact on shareholder value Source: “The Impact of Catastrophes on Shareholder Value,” Rory F. Knight & Deborah J. Pretty, Templeton College, University of Oxford, p. 3. Trading days after the event 25 50 75 100 125 150 175 200 225 Effective crisis response Ineffective crisis responses
What is Business Continuity Management? 13  Business Continuity Management (BCM) is a holistic management process that:  Identifies potential impacts that threaten an organization,  Provides a framework for building resilience and the capability for an effective response,  Safeguards the interests of key stakeholders, reputation, brand and value creating activities. Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
Success or Failure? Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.14 C No BCM – usual outcome B No BCM – lucky escape Time Levelofbusiness Critical recovery point A Fully tested effective BCM
Business Benefits A business case for establishing a Business Continuity Plan
Key Benefits (1) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.16  To Business  Gain reputation as “Safe and Secure Organization”  First mover advantage  Cost effectiveness = Higher profitability  Better compliance with laws and regulations  Better continuity in case of any disaster  To Operations  Better risk management & risk reduction  Better cost control  Defined SOPs  To IT  Identification and control of information assets  Better risk management  Defined SOPs  IT Disaster management
Key Benefits (2) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.17  Better policies, procedures and working templates  Business continuity  Information security  Related roles and responsibilities  Organization wide awareness  SAP related and general IT infrastructure  Use of network services  Mobile computing
Key Benefits (3) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.18  Identification of Business Critical processes  Process identification  Process ranking according to business criticality  Continuity strategies for critical processes  Business Continuity planning  Business Impact Analysis (BIA)  BCP for all areas under scope  BCP awareness, testing and exercises
Key Benefits (4) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.19  Information Asset Management  Information Classification  Information Asset Identification & Classification  Employee Skill Management  Risk Management  Identification and Analysis of Risks  Treatment of Risks  Development of Risk Management Approach & Criteria
Key Benefits (5)  Better Description of Roles & Responsibilities  Job description related to information security  Pre-hiring controls  During employment personnel development  Post-employment controls  Physical Security  Identification of Secure Areas  Equipment Security Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.20
Key Benefits (6) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.21  Communications & Operations Management  Documented SOPs  Segregation of duties  Third party service delivery management  System planning & acceptance  Data backup and recovery  Network security  Media handling  e-Commerce  Access Control  Access control policy and procedures  User, network and OS access control  Application and mobile access control
Key Benefits (7) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.22  Regulatory compliance  All applicable laws  Intellectual property rights  Framework for Continual Improvement  Regular Internal Audits  Corrective & preventive actions
Implementation Roadmap A business case for establishing a Business Continuity Plan 23
Implementation Roadmap 24 Phase 1: Scoping & Planning Phase 2: Understanding the Organization Phase 3: Risk Assessment and Control Phase 4: Implementation of Mitigation Strategies Phase 5 Training for Audit and Internal Audit Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
Phase 1: Scoping & Planning 25 Awareness Awareness Sessions Implementer Trainings TeamFormation Establishing Management Steering Group Establishing working groups ProjectScoping Identification of geographical scope Identification of functional scope Documenting and agreeing the scope of the assignment Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
Phase 2: Understanding the Organization 26 ProcessIdentification Identification of functions under scope Identification of processes under scope BIA Identification of business impact if process does not work Prioritizing processes based on time criticality Presenting report to the management AssetRegistration Identification & classification of information assets in the organization Asset value assessment Asset ownership identification Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
Phase 3: Risk Assessment and Control 27 RiskAssessment Identification of application threats, and risks Analyzing probability and impact of risks RiskThreshold Calculating risk threshold Defining risk acceptance criteria DevelopmentofSOA Selection of right controls to handle the identified risks Implementing risk threshold and acceptance criteria Developing and presenting SOA Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
Phase 4: Implementation of Mitigation Strategies Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.28 SecurityControls Developing processes and procedures for information security controls MitigationPlanning Identifying right mitigation strategies Planning for implementation BusinessContinuityPlan Development of Business Continuity Plan Desktop exercise of BCP
Phase 5: Training for Internal Audit and Internal Audit Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.29 InternalAuditTraining Hands-on internal audit trainings for selected individuals Internal audit trainings on both standards InternalAudit Conducting first internal audit Developing Internal Audit report AuditFindings Detailed assistance in closure of audit findings Identification of corrective and preventive actions
www.businessbeam.com Thank You! contact@businessbeam.com

Empfohlen

Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planninggcleary
 
Legal Governance, Risk Management and Compliance
Legal Governance, Risk Management and ComplianceLegal Governance, Risk Management and Compliance
Legal Governance, Risk Management and ComplianceEffacts
 
JAMES OKARIMIA SOLVENCY II FOR DUMMIES PRESENTATION
JAMES OKARIMIA SOLVENCY II FOR DUMMIES PRESENTATIONJAMES OKARIMIA SOLVENCY II FOR DUMMIES PRESENTATION
JAMES OKARIMIA SOLVENCY II FOR DUMMIES PRESENTATIONJAMES OKARIMIA
 
Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour... Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour...Mart Rovers
 
Aula 11 - Terceirização em TI
Aula 11 - Terceirização em TIAula 11 - Terceirização em TI
Aula 11 - Terceirização em TIFilipo Mór
 
Iso 22301
Iso 22301Iso 22301
Iso 22301Craig Willetts ISO Expert
 
Business Continuity - Business Risk & Management
Business Continuity - Business Risk & ManagementBusiness Continuity - Business Risk & Management
Business Continuity - Business Risk & ManagementAndrew Styles
 
What is Cobit
What is CobitWhat is Cobit
What is CobitBen Kalland
 

Empfohlen

Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planninggcleary
 
Legal Governance, Risk Management and Compliance
Legal Governance, Risk Management and ComplianceLegal Governance, Risk Management and Compliance
Legal Governance, Risk Management and ComplianceEffacts
 
JAMES OKARIMIA SOLVENCY II FOR DUMMIES PRESENTATION
JAMES OKARIMIA SOLVENCY II FOR DUMMIES PRESENTATIONJAMES OKARIMIA SOLVENCY II FOR DUMMIES PRESENTATION
JAMES OKARIMIA SOLVENCY II FOR DUMMIES PRESENTATIONJAMES OKARIMIA
 
Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour... Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour...Mart Rovers
 
Aula 11 - Terceirização em TI
Aula 11 - Terceirização em TIAula 11 - Terceirização em TI
Aula 11 - Terceirização em TIFilipo Mór
 
Iso 22301
Iso 22301Iso 22301
Iso 22301Craig Willetts ISO Expert
 
Business Continuity - Business Risk & Management
Business Continuity - Business Risk & ManagementBusiness Continuity - Business Risk & Management
Business Continuity - Business Risk & ManagementAndrew Styles
 
What is Cobit
What is CobitWhat is Cobit
What is CobitBen Kalland
 
Cobit 5 - An Overview
Cobit 5 - An OverviewCobit 5 - An Overview
Cobit 5 - An OverviewAnurag Purohit
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningInstitute for Business Continuity Training
 
Business continuity
Business continuityBusiness continuity
Business continuityAlka Mehar
 
Plan de continuité des activités: le vrai enjeu stratégique
Plan de continuité des activités: le vrai enjeu stratégiquePlan de continuité des activités: le vrai enjeu stratégique
Plan de continuité des activités: le vrai enjeu stratégiqueDigicomp Academy Suisse Romande SA
 
Evaluation of process level control deficiencies 5 20-2016
Evaluation of process level control deficiencies 5 20-2016Evaluation of process level control deficiencies 5 20-2016
Evaluation of process level control deficiencies 5 20-2016leschaney
 
Plan de Secours Informatique dans une entreprise industrielle ou de service C...
Plan de Secours Informatique dans une entreprise industrielle ou de service C...Plan de Secours Informatique dans une entreprise industrielle ou de service C...
Plan de Secours Informatique dans une entreprise industrielle ou de service C...Jean-Antoine Moreau
 
Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Goutama Bachtiar
 
ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeMissionMode
 
Industry 4.0 : Evolution of the Revolution
Industry 4.0 : Evolution of the RevolutionIndustry 4.0 : Evolution of the Revolution
Industry 4.0 : Evolution of the RevolutionApurva Sharma
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationPECB
 
Audit of IT Governance (Reference documents to be audited)
Audit of IT Governance (Reference documents to be audited)Audit of IT Governance (Reference documents to be audited)
Audit of IT Governance (Reference documents to be audited)Ammar Sassi
 
Plan de continuité d'activité - PCA
Plan de continuité d'activité - PCAPlan de continuité d'activité - PCA
Plan de continuité d'activité - PCAWissem CHEROUANA
 
An introduction to lean six sigma
An introduction to lean six sigmaAn introduction to lean six sigma
An introduction to lean six sigmaBusiness Beam
 
Applying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsApplying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsSubhajit Bhuiya
 
Operation Management Chapter One.pptx
Operation Management Chapter One.pptxOperation Management Chapter One.pptx
Operation Management Chapter One.pptxzelalemdagne3
 
Operation Management Chapter One.pptx
Operation Management Chapter One.pptxOperation Management Chapter One.pptx
Operation Management Chapter One.pptxzelalemdagne3
 
Are You Selling Safety? Anyone Buying? November 2009
Are You Selling Safety? Anyone Buying? November 2009Are You Selling Safety? Anyone Buying? November 2009
Are You Selling Safety? Anyone Buying? November 2009FayFeeney
 
Business Continuity and Information Security- An Excellent Fit!
Business Continuity and Information Security- An Excellent Fit!Business Continuity and Information Security- An Excellent Fit!
Business Continuity and Information Security- An Excellent Fit!Continuity and Resilience
 
CEO / CXO Architecture - The missing piece in your BI&A architecture
CEO / CXO Architecture - The missing piece in your BI&A architectureCEO / CXO Architecture - The missing piece in your BI&A architecture
CEO / CXO Architecture - The missing piece in your BI&A architectureCorporater
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 
Assocham conf grc sept 13
Assocham conf grc sept 13Assocham conf grc sept 13
Assocham conf grc sept 13subramanian K
 
Multi Model Performance Improvement
Multi Model Performance ImprovementMulti Model Performance Improvement
Multi Model Performance ImprovementGeorge Brotbeck
 

Weitere ähnliche Inhalte

Was ist angesagt?

Business continuity
Business continuityBusiness continuity
Business continuityAlka Mehar
 
Plan de continuité des activités: le vrai enjeu stratégique
Plan de continuité des activités: le vrai enjeu stratégiquePlan de continuité des activités: le vrai enjeu stratégique
Plan de continuité des activités: le vrai enjeu stratégiqueDigicomp Academy Suisse Romande SA
 
Evaluation of process level control deficiencies 5 20-2016
Evaluation of process level control deficiencies 5 20-2016Evaluation of process level control deficiencies 5 20-2016
Evaluation of process level control deficiencies 5 20-2016leschaney
 
Plan de Secours Informatique dans une entreprise industrielle ou de service C...
Plan de Secours Informatique dans une entreprise industrielle ou de service C...Plan de Secours Informatique dans une entreprise industrielle ou de service C...
Plan de Secours Informatique dans une entreprise industrielle ou de service C...Jean-Antoine Moreau
 
Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Goutama Bachtiar
 
ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeMissionMode
 
Industry 4.0 : Evolution of the Revolution
Industry 4.0 : Evolution of the RevolutionIndustry 4.0 : Evolution of the Revolution
Industry 4.0 : Evolution of the RevolutionApurva Sharma
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationPECB
 
Audit of IT Governance (Reference documents to be audited)
Audit of IT Governance (Reference documents to be audited)Audit of IT Governance (Reference documents to be audited)
Audit of IT Governance (Reference documents to be audited)Ammar Sassi
 
Plan de continuité d'activité - PCA
Plan de continuité d'activité - PCAPlan de continuité d'activité - PCA
Plan de continuité d'activité - PCAWissem CHEROUANA
 

Was ist angesagt? (12)

Cobit 5 - An Overview
Cobit 5 - An OverviewCobit 5 - An Overview
Cobit 5 - An Overview
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
Business continuity
Business continuityBusiness continuity
Business continuity
 
Plan de continuité des activités: le vrai enjeu stratégique
Plan de continuité des activités: le vrai enjeu stratégiquePlan de continuité des activités: le vrai enjeu stratégique
Plan de continuité des activités: le vrai enjeu stratégique
 
Evaluation of process level control deficiencies 5 20-2016
Evaluation of process level control deficiencies 5 20-2016Evaluation of process level control deficiencies 5 20-2016
Evaluation of process level control deficiencies 5 20-2016
 
Plan de Secours Informatique dans une entreprise industrielle ou de service C...
Plan de Secours Informatique dans une entreprise industrielle ou de service C...Plan de Secours Informatique dans une entreprise industrielle ou de service C...
Plan de Secours Informatique dans une entreprise industrielle ou de service C...
 
Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)
 
ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best Practice
 
Industry 4.0 : Evolution of the Revolution
Industry 4.0 : Evolution of the RevolutionIndustry 4.0 : Evolution of the Revolution
Industry 4.0 : Evolution of the Revolution
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS Implementation
 
Audit of IT Governance (Reference documents to be audited)
Audit of IT Governance (Reference documents to be audited)Audit of IT Governance (Reference documents to be audited)
Audit of IT Governance (Reference documents to be audited)
 
Plan de continuité d'activité - PCA
Plan de continuité d'activité - PCAPlan de continuité d'activité - PCA
Plan de continuité d'activité - PCA
 

Ähnlich wie A Business Case for Establishing BCP

An introduction to lean six sigma
An introduction to lean six sigmaAn introduction to lean six sigma
An introduction to lean six sigmaBusiness Beam
 
Applying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsApplying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsSubhajit Bhuiya
 
Operation Management Chapter One.pptx
Operation Management Chapter One.pptxOperation Management Chapter One.pptx
Operation Management Chapter One.pptxzelalemdagne3
 
Operation Management Chapter One.pptx
Operation Management Chapter One.pptxOperation Management Chapter One.pptx
Operation Management Chapter One.pptxzelalemdagne3
 
Are You Selling Safety? Anyone Buying? November 2009
Are You Selling Safety? Anyone Buying? November 2009Are You Selling Safety? Anyone Buying? November 2009
Are You Selling Safety? Anyone Buying? November 2009FayFeeney
 
Business Continuity and Information Security- An Excellent Fit!
Business Continuity and Information Security- An Excellent Fit!Business Continuity and Information Security- An Excellent Fit!
Business Continuity and Information Security- An Excellent Fit!Continuity and Resilience
 
CEO / CXO Architecture - The missing piece in your BI&A architecture
CEO / CXO Architecture - The missing piece in your BI&A architectureCEO / CXO Architecture - The missing piece in your BI&A architecture
CEO / CXO Architecture - The missing piece in your BI&A architectureCorporater
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 
Assocham conf grc sept 13
Assocham conf grc sept 13Assocham conf grc sept 13
Assocham conf grc sept 13subramanian K
 
Multi Model Performance Improvement
Multi Model Performance ImprovementMulti Model Performance Improvement
Multi Model Performance ImprovementGeorge Brotbeck
 
Gilard Application Programmers - OSM Features.pdf
Gilard Application Programmers - OSM Features.pdfGilard Application Programmers - OSM Features.pdf
Gilard Application Programmers - OSM Features.pdfManjiv Singh
 
How To Integrate Business Risk & IT Risk
How To Integrate Business Risk & IT Risk How To Integrate Business Risk & IT Risk
How To Integrate Business Risk & IT Risk SureCloud
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929Andy Willams
 
The linchpin between Corporate Governance and IT Governance
The linchpin between Corporate Governance and IT GovernanceThe linchpin between Corporate Governance and IT Governance
The linchpin between Corporate Governance and IT GovernanceThe Open Group SA
 
The linchpin between Corporate Governance and IT Governance
The linchpin between Corporate Governance and IT GovernanceThe linchpin between Corporate Governance and IT Governance
The linchpin between Corporate Governance and IT GovernanceMagdalena Bezuidenhout
 
Eacbpm 2015 operational agility v5 final_may 18
Eacbpm 2015 operational agility v5 final_may 18Eacbpm 2015 operational agility v5 final_may 18
Eacbpm 2015 operational agility v5 final_may 18Okayed
 
Risk and Regulatory Change Management - 360factors EUEC 2015 Presentation
Risk and Regulatory Change Management - 360factors EUEC 2015 PresentationRisk and Regulatory Change Management - 360factors EUEC 2015 Presentation
Risk and Regulatory Change Management - 360factors EUEC 2015 Presentation360factors
 

Ähnlich wie A Business Case for Establishing BCP (20)

An introduction to lean six sigma
An introduction to lean six sigmaAn introduction to lean six sigma
An introduction to lean six sigma
 
Applying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsApplying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_efforts
 
Operation Management Chapter One.pptx
Operation Management Chapter One.pptxOperation Management Chapter One.pptx
Operation Management Chapter One.pptx
 
Operation Management Chapter One.pptx
Operation Management Chapter One.pptxOperation Management Chapter One.pptx
Operation Management Chapter One.pptx
 
Are You Selling Safety? Anyone Buying? November 2009
Are You Selling Safety? Anyone Buying? November 2009Are You Selling Safety? Anyone Buying? November 2009
Are You Selling Safety? Anyone Buying? November 2009
 
Business Continuity and Information Security- An Excellent Fit!
Business Continuity and Information Security- An Excellent Fit!Business Continuity and Information Security- An Excellent Fit!
Business Continuity and Information Security- An Excellent Fit!
 
CEO / CXO Architecture - The missing piece in your BI&A architecture
CEO / CXO Architecture - The missing piece in your BI&A architectureCEO / CXO Architecture - The missing piece in your BI&A architecture
CEO / CXO Architecture - The missing piece in your BI&A architecture
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
 
Assocham conf grc sept 13
Assocham conf grc sept 13Assocham conf grc sept 13
Assocham conf grc sept 13
 
Multi Model Performance Improvement
Multi Model Performance ImprovementMulti Model Performance Improvement
Multi Model Performance Improvement
 
SAP GRC
SAP GRC SAP GRC
SAP GRC
 
Gilard Application Programmers - OSM Features.pdf
Gilard Application Programmers - OSM Features.pdfGilard Application Programmers - OSM Features.pdf
Gilard Application Programmers - OSM Features.pdf
 
CobiT Foundation Free Training
CobiT Foundation Free TrainingCobiT Foundation Free Training
CobiT Foundation Free Training
 
How To Integrate Business Risk & IT Risk
How To Integrate Business Risk & IT Risk How To Integrate Business Risk & IT Risk
How To Integrate Business Risk & IT Risk
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929
 
Cobit5 and-grc
Cobit5 and-grcCobit5 and-grc
Cobit5 and-grc
 
The linchpin between Corporate Governance and IT Governance
The linchpin between Corporate Governance and IT GovernanceThe linchpin between Corporate Governance and IT Governance
The linchpin between Corporate Governance and IT Governance
 
The linchpin between Corporate Governance and IT Governance
The linchpin between Corporate Governance and IT GovernanceThe linchpin between Corporate Governance and IT Governance
The linchpin between Corporate Governance and IT Governance
 
Eacbpm 2015 operational agility v5 final_may 18
Eacbpm 2015 operational agility v5 final_may 18Eacbpm 2015 operational agility v5 final_may 18
Eacbpm 2015 operational agility v5 final_may 18
 
Risk and Regulatory Change Management - 360factors EUEC 2015 Presentation
Risk and Regulatory Change Management - 360factors EUEC 2015 PresentationRisk and Regulatory Change Management - 360factors EUEC 2015 Presentation
Risk and Regulatory Change Management - 360factors EUEC 2015 Presentation
 

Mehr von Business Beam

What is iso 9001 qms
What is iso 9001 qmsWhat is iso 9001 qms
What is iso 9001 qmsBusiness Beam
 
How to write itil examinations
How to write itil examinationsHow to write itil examinations
How to write itil examinationsBusiness Beam
 
An introduction to prince2
An introduction to prince2An introduction to prince2
An introduction to prince2Business Beam
 
How to write pmp examinations
How to write pmp examinationsHow to write pmp examinations
How to write pmp examinationsBusiness Beam
 
How to write cbap examinations
How to write cbap examinationsHow to write cbap examinations
How to write cbap examinationsBusiness Beam
 
Establishing an Effective PMO
Establishing an Effective PMOEstablishing an Effective PMO
Establishing an Effective PMOBusiness Beam
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMSBusiness Beam
 
Myths and Realities About ITIL
Myths and Realities About ITILMyths and Realities About ITIL
Myths and Realities About ITILBusiness Beam
 

Mehr von Business Beam (8)

What is iso 9001 qms
What is iso 9001 qmsWhat is iso 9001 qms
What is iso 9001 qms
 
How to write itil examinations
How to write itil examinationsHow to write itil examinations
How to write itil examinations
 
An introduction to prince2
An introduction to prince2An introduction to prince2
An introduction to prince2
 
How to write pmp examinations
How to write pmp examinationsHow to write pmp examinations
How to write pmp examinations
 
How to write cbap examinations
How to write cbap examinationsHow to write cbap examinations
How to write cbap examinations
 
Establishing an Effective PMO
Establishing an Effective PMOEstablishing an Effective PMO
Establishing an Effective PMO
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
Myths and Realities About ITIL
Myths and Realities About ITILMyths and Realities About ITIL
Myths and Realities About ITIL
 

Kürzlich hochgeladen

KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseri bangash
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 

Kürzlich hochgeladen (20)

KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 

A Business Case for Establishing BCP

  • 1. www.businessbeam.com A business case for establishing Business Continuity Plan (BCP) Business Beam (Pvt.) Limited
  • 2. Contents 2 What is Business Continuity?1 Business Benefits2 Implementation Roadmap3 Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
  • 3. What is Business Continuity? A business case for establishing a Business Continuity Plan
  • 4. 9/11 for Pakistan 4 Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
  • 5. Happened in Karachi (June 26, 09) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.5
  • 6. Suicide Attack in Lahore (May 27, 09) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.6
  • 7. Thanks to KESC Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.7
  • 8. Berger Paints Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.8
  • 9. Fire at Shahra-e-Faisal Building Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.9
  • 10. The Reality of Business Continuity Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.10  43% of US companies never reopen after a disaster and 29% more close within 3 years.  20% of small to medium size businesses suffer a major disaster every 5 years.  78% of organizations which lacked contingency plans but suffered catastrophic loss were gone within 2 years…most had insurance, and many had business interruption coverage! (Sources: U.S. National Fire Protection Agency, U.S. Bureau of Labor, Richmond House Group and B2BContinuity.com)
  • 11. 11 IsThis An Effective Management Strategy In the Face of the KNOWN Risks! YES! NO! Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
  • 12. Effects of Effective Business Continuity Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.12 The impact on shareholder value Source: “The Impact of Catastrophes on Shareholder Value,” Rory F. Knight & Deborah J. Pretty, Templeton College, University of Oxford, p. 3. Trading days after the event 25 50 75 100 125 150 175 200 225 Effective crisis response Ineffective crisis responses
  • 13. What is Business Continuity Management? 13  Business Continuity Management (BCM) is a holistic management process that:  Identifies potential impacts that threaten an organization,  Provides a framework for building resilience and the capability for an effective response,  Safeguards the interests of key stakeholders, reputation, brand and value creating activities. Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
  • 14. Success or Failure? Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.14 C No BCM – usual outcome B No BCM – lucky escape Time Levelofbusiness Critical recovery point A Fully tested effective BCM
  • 15. Business Benefits A business case for establishing a Business Continuity Plan
  • 16. Key Benefits (1) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.16  To Business  Gain reputation as “Safe and Secure Organization”  First mover advantage  Cost effectiveness = Higher profitability  Better compliance with laws and regulations  Better continuity in case of any disaster  To Operations  Better risk management & risk reduction  Better cost control  Defined SOPs  To IT  Identification and control of information assets  Better risk management  Defined SOPs  IT Disaster management
  • 17. Key Benefits (2) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.17  Better policies, procedures and working templates  Business continuity  Information security  Related roles and responsibilities  Organization wide awareness  SAP related and general IT infrastructure  Use of network services  Mobile computing
  • 18. Key Benefits (3) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.18  Identification of Business Critical processes  Process identification  Process ranking according to business criticality  Continuity strategies for critical processes  Business Continuity planning  Business Impact Analysis (BIA)  BCP for all areas under scope  BCP awareness, testing and exercises
  • 19. Key Benefits (4) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.19  Information Asset Management  Information Classification  Information Asset Identification & Classification  Employee Skill Management  Risk Management  Identification and Analysis of Risks  Treatment of Risks  Development of Risk Management Approach & Criteria
  • 20. Key Benefits (5)  Better Description of Roles & Responsibilities  Job description related to information security  Pre-hiring controls  During employment personnel development  Post-employment controls  Physical Security  Identification of Secure Areas  Equipment Security Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.20
  • 21. Key Benefits (6) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.21  Communications & Operations Management  Documented SOPs  Segregation of duties  Third party service delivery management  System planning & acceptance  Data backup and recovery  Network security  Media handling  e-Commerce  Access Control  Access control policy and procedures  User, network and OS access control  Application and mobile access control
  • 22. Key Benefits (7) Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.22  Regulatory compliance  All applicable laws  Intellectual property rights  Framework for Continual Improvement  Regular Internal Audits  Corrective & preventive actions
  • 23. Implementation Roadmap A business case for establishing a Business Continuity Plan 23
  • 24. Implementation Roadmap 24 Phase 1: Scoping & Planning Phase 2: Understanding the Organization Phase 3: Risk Assessment and Control Phase 4: Implementation of Mitigation Strategies Phase 5 Training for Audit and Internal Audit Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
  • 25. Phase 1: Scoping & Planning 25 Awareness Awareness Sessions Implementer Trainings TeamFormation Establishing Management Steering Group Establishing working groups ProjectScoping Identification of geographical scope Identification of functional scope Documenting and agreeing the scope of the assignment Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
  • 26. Phase 2: Understanding the Organization 26 ProcessIdentification Identification of functions under scope Identification of processes under scope BIA Identification of business impact if process does not work Prioritizing processes based on time criticality Presenting report to the management AssetRegistration Identification & classification of information assets in the organization Asset value assessment Asset ownership identification Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
  • 27. Phase 3: Risk Assessment and Control 27 RiskAssessment Identification of application threats, and risks Analyzing probability and impact of risks RiskThreshold Calculating risk threshold Defining risk acceptance criteria DevelopmentofSOA Selection of right controls to handle the identified risks Implementing risk threshold and acceptance criteria Developing and presenting SOA Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
  • 28. Phase 4: Implementation of Mitigation Strategies Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.28 SecurityControls Developing processes and procedures for information security controls MitigationPlanning Identifying right mitigation strategies Planning for implementation BusinessContinuityPlan Development of Business Continuity Plan Desktop exercise of BCP
  • 29. Phase 5: Training for Internal Audit and Internal Audit Copyrights (C) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.29 InternalAuditTraining Hands-on internal audit trainings for selected individuals Internal audit trainings on both standards InternalAudit Conducting first internal audit Developing Internal Audit report AuditFindings Detailed assistance in closure of audit findings Identification of corrective and preventive actions