About
Imagine the nation being struck down by a pandemic (Such as H1N1) or a major power outage. Are you fully aware of how vulnerable your business is? Or how the incident would impact on every aspect of your business and operations?
Business Continuity Management focuses on providing practicable solutions to real life incidents that will occur. The key to implementing a working business continuity capability is to ensure that business operations retain the ability to provide business critical services at all times and restoring the business to a full business service capability in the shortest possible time after an incident; no matter what happens.
Learning Objectives:
- Understand the relevant legislative requirements of Business Continuity Management programmes
- Increase the resilience of your business by exercising and maintaining your business continuity capability
- Explore proven business continuity policies, standards and guidelines to adopt best practice approaches
- Discover leading-edge methodology to develop a working business continuity capability
- Master practical tools to assess and protect your IT systems and resources
- Understand the reasons why other business continuity initiatives fail and structure your process to avoid those errors
Training methodology
This intensive 2-day masterclass will combine tutorial sessions and case studies with interactive learning exercises. All attendees will be provided with a workbook and a certificate of completion.
Agenda
Standards and Guidelines covered:
• British Standard BS 25999 Part 1:2006 (Business Continuity Management – Code of Practice)
• Business Continuity Institute Good Practice Guidelines 2005 edition.
• Information Technology Infrastructure Library (ITIL) standard ISO 20000 Service Delivery and Service Support.
• British Standards Institute Publicly Available Specification (PAS) 77:2006 – IT Service Continuity Management – Code of Practice.
• Australian / New Zealand Standards AS/NZS 4360:2004 Risk Management
• Australian / New Zealand Standards HB436:2004: Risk Management Guidelines
Day One
Business Continuity Management (BCM) - Policy
• What is Business Continuity Management – from computer room to boardroom.
• Legislative requirements and trends in continuity – internationally and at home.
• The Business Continuity Management process and programme requirements
• Terms, definitions and misconceptions explained
- Business Continuity Management (BCM)
- Business Continuity Plan (BCP)
- Disaster Recovery Plan (DRP)
- Recovery Point Objective (RPO)
- Recovery Time Objective (RTO)
- Maximum Tolerable Outage (MTO)
- Maximum Allowable Outage (MAO)
- Business Impact Assessment (BIA)
- Threat Assessment
- Risk Assessment
• How we think dictates how we approach Business Continuity Management
- Thinking process discussed
- Left brain/ Right brain – Right mind?
- Team dynamics as a process accelerator
- People are not corporate assets.
• Project prerequisites, planning and project management fundamentals
- Governance requirements
- Critical success factors in a Business Continuity programme
- Control requirements
- Scope variation and Change Management
- Developing the BCM Project Plan
- Developing and refining the BCM Project budget
- BCM documentation standards
- Gaining the Executive Management commitment and approval.
• Business Continuity Management Policy review
- Business Continuity Management Policy scope
- Resources
- Principles, guidelines and minimum standards applicable to the organisation
- Catalogue of reference materials included and excluded from the initial project
- Review date of the BCM Policy
Understanding the Organisation
Business Impact Analysis (BIA) Session I
• Why is the BIA important
• Methods of gathering and verifying information and processes involved
• The type of information to required
• Questionnaires, Interviews and Workshops
• Analysis techniques
• Presentations and Documentation
• Determining MTO/MAO/RPO/RTO
• The projected costs/estimated costs of an incident
• Documenting your results
• Deliverables and reports
• Presenting to management
• BIA exercises
Threat Assessments
• Scenario or All Risks basis?
• Threat identification
• The people factor
• Documentation and assessment criteria
• Transforming perceived Threats into tangible Risks
• Risk mitigation, migration or management
• Roles of external organisations
• Threat Assessment exercises
Business Continuity Strategies
• Options and methods
• Thinking out of the square
- People
- Premises
- Supply chain
- Technology
- Marketplace
• Cost of a strategy vs. the potential financial losses
• High or low road towards resilience?
• Presenting to management
• BCM Strategy exercises
Crisis Management
• Brief history of crisis management
• Recognising characteristics of a crisis
• Avoiding and preparing for a crisis
• Media management
• Recovery strategy
• Pandemics and Epidemics
• Crisis management best practices
Day Two
Developing the BCM response
• Characteristics of incidents
• Initial response planning
• Constructing a functional business unit plan
- Critical activities
- MTO/MAO timescales
- Service level requirements of affected parties
- Monitoring and measurement criteria
• Contingency, Continuity and Communications plans
• Recovery, Restoration and Resumption plans.
• Supply chain considerations and concerns.
Fundamentals of Information Technology Disaster Recovery Planning
• IT as a business facilitation function in your organisation
• The risks associated with IT services
• Elements of the IT infrastructure
• Methods of protecting IT assets
• Questions you should ask
• Traditional and new strategies to be considered
• The shrinking IT service disruption window
• Types of recovery solutions appropriate for the defined recovery times
• Issues in relation to restoration of services
• Documenting the IT Disaster Recovery Plan
Documenting Business Continuity Plan
• Objective of the BCP
• Layout and design
• Contents
• Structure
• Process
• Available tools, techniques, trips and tricks.
Business Continuity Management: Exercises, Rehearsals and Audits
• Objectives
• Types of Activities – TESTING is not an option.
• Exercise the response by
• Rehearsing the personnel and
• Evaluating the outcome
• Levels of complexity and exercise management
• Assessing your plans - what works and what does not work
• Bringing the disparate plans within an organisation into one Business Continuity Management programme
Embedding Business Continuity Management into the Organisation
• Leadership, responsibility and accountability
• Corporate acceptance and governance
• Skills and Training – measurement of competence
• Assessing your plans - what works and what does not work
• Bringing the disparate plans within an organisation into one Business Continuity Management programme
Crisis and Continuity Exercise and Follow up
Facilitator
Sally Rosenberg (MBCI)
Sally Rosenberg (MBCI) is a seasoned business continuity and risk management professional with over 12 years experience in large and small businesses, both as a consultant and as an in-house professional. She has lead numerous projects to identify operational risks, create pre-emptive solutions for risks being realised and has been an active BCM and crisis manager in some of New Zealand’s largest organisations.
Her experience with Fonterra as the Global Business Continuity Manager from 2002 to 2007 enhanced her local private enterprise and government experience into the global market. As an expert practitioner, trainer and consultant the results for her employers and clients have consistently shown the adoption of best practice capability and effective management of the inevitable crisis incidents with minimal business disruption.
Elsewhere Sally has held senior management and executive roles with Alcatel-Lucent, LIC, the New Zealand Opera School and Ridge Brands Ltd. Her expertise includes project and strategic planning, development and management, change management, stakeholder development, process improvement and crisis communications. As an action and goal driven practitioner she ensures a high degree of satisfaction is experienced by all stakeholders and outputs are delivered on time.
