Good Practice Guidelines 2018 PDF
Saudi Electronic University
2018
Summary
This document details good practice guidelines for business continuity in the 2018 Lite Edition. It highlights elements such as risk management, emergency management, and health and safety. The aim is to build organizational resilience in the face of global challenges such as rising cyber threats.
Full Transcript
Good Practice Guidelines, Block 5

Restricted

Introduction

The world continues to be challenged by socio-economic and geo-political change.

Organizations must respond and adapt to familiar challenges, such as:
  o Increasing dominance of technology and the internet
  o New disruptive threats arising from the globalization of terrorism and the rapid increase in cyber threats

The increasing awareness of the importance of enhancing organizational resilience reinforces:
  o The value of building effective business continuity capabilities
  o And is central to the purpose of the BCI

Introduction (continued)

The business continuity management lifecycle is central to improved organizational resilience, through collaboration with other management disciplines, for example, risk management, communications, emergency management, crisis management, health and safety, facilities management, and human resources.

The BCI aims to promote and create a more resilient world.

What is Business Continuity?

- Business continuity is the key discipline that sits at the heart of building and improving the resilience of organizations.
- It is a tried and tested methodology that an organization should adopt as part of its overall approach to managing risks and threats.
- Business continuity management identifies an organization’s priorities and prepares solutions to address disruptive threats.

Effective Business Continuity Program

An effective business continuity program supports:
- The strategic objectives of the organization
- Proactively builds the capability to continue business operations in the event of disruption

The program includes:
- The identification of risks and threats
- The creation of response structures and plans to address incidents and crises
- Promotes validation and continuous improvement.
Policy and Program Management (PP1)

- The business continuity policy is the key document that sets out the purpose, context, scope, and governance of the business continuity program.
- The business continuity program is an ongoing cycle of activities that implements the policy. These activities are carried out by following the business continuity management lifecycle.
- Successfully establishing the business continuity program is the result of several planning stages.

Planning Stages for BC Program

- Establishing the Business Continuity Policy:
  o This sets the boundaries and requirements for the BC program and states the reasons why it is being implemented
  o It defines the guiding principles against which the organization measures its performance
  o It also defines how to continue delivering products and services in the event of an incident
- Defining the Scope of the Business Continuity Program:
  o This includes consideration of the organization’s products and services to be included in the program
- Establishing Governance:
  o Provides a central point of accountability for implementation and continuous monitoring of an organization’s activities in accordance with the business continuity policy
- Assigning Roles and Responsibilities:
  o This is the early identification of roles, responsibilities, and authorities required to manage the program
- The Business Continuity Programme:
  o Once the scope, governance, and roles and responsibilities are defined, the BC program is put in place

Embedding (PP2)

Embedding Business Continuity

Embedding business continuity is the Professional Practice that defines how to integrate business continuity awareness and practice into business-as-usual activities and organizational culture.

It should be a collaborative approach between related management disciplines to improve overall organizational resilience.

Embedding business continuity includes:
  o Raising awareness about business continuity through communication
  o Encouraging buy-in from interested parties
  o Ensuring required competencies and skills are in place
  o Ensuring appropriate training and learning opportunities are provided

Successfully Embedding Business Continuity

Successfully embedding business continuity is the result of the following activities:
- Understanding and Influencing Organizational Culture:
  o This includes considering your current capabilities and ensuring an understanding of current practice and what skills are required to improve the organization’s culture
- Competencies and Skills:
  o This means ensuring all staff with business continuity-related roles have appropriate education, training, and experience to develop and implement the BC policy
- Training and awareness:
  o This involves responding to the competencies and

Analysis (PP3)

Analysis is the Professional Practice within the business continuity management lifecycle that reviews and assesses an organization to identify its objectives, how it functions, and the constraints of its operating environment.

- The main technique used for the analysis of an organization for business continuity purposes is the business impact analysis (BIA).
- The business continuity professional uses the BIA to determine the organization’s business continuity requirements.

Types of BIA

- An initial BIA: To provide a high-level analysis that can be used to develop a framework for the more detailed BIAs
- A product and service BIA: To identify and prioritize products and services at a strategic level
- A process BIA: To determine the process or processes required for the delivery of the prioritized products and services
- An activity BIA: To identify and prioritize the activities that deliver the most urgent products and services

BIA

- The BIA identifies business continuity requirements, providing information to determine the most appropriate business continuity solutions.
- The BIA identifies the urgency of each activity undertaken by the organization by assessing the impact over time caused by any potential or actual disruption to this activity on the delivery of products and services.
- Business continuity requirements can be defined as the time frames, resources, and capabilities necessary to continue to deliver the prioritised products, services, processes, and activities following a disruption.

General Principles to Analysis

- Business Impact Analysis:
  o The BIA can initially help to clarify the scope of the business continuity program and then be used to determine and select business continuity solutions
- Risk and Threat Assessment:
  o This is used to identify unacceptable levels of risk and single points of failure. Risk and threat assessments enable effective solutions and mitigation measures to be designed
- Final Analysis and Consolidation:
  o Once all BIAs have been undertaken, final analysis and consolidation is used to validate the information

Design (PP4)

Design is the Professional Practice within the business continuity management lifecycle that identifies and selects appropriate solutions to determine how continuity can be achieved in the event of an incident.

Designing Business Continuity Solutions

- Designing Business Continuity Solutions:
  o These solutions are based on the outcomes of the risk and threat assessments
  o Price versus performance and cost versus benefit are often used when designing solutions
- Risk and Threat Mitigation Measures:
  o These are identified and implemented to reduce the impact of a disruption to the organization’s prioritized activities
  o Collaboration with risk, physical security, and information security professionals should be undertaken at this stage

Implementation (PP5)

Implementation is the Professional Practice within the business continuity management lifecycle that implements the solutions agreed in the Design stage.

Implementation is achieved by developing business continuity plans to meet the organization’s agreed business continuity requirements and solutions identified in the Analysis and Design stage of the lifecycle.

The Implementation stage also includes:
- The development of a response structure that defines the necessary roles, authority, and skills required to manage an incident

Elements of the Implementation Stage

The following are elements of the Implementation stage:
- Response Structure
  o This process establishes command, control, and communication systems to ensure that the organization has a clearly documented and well understood mechanism for responding to an incident, regardless of its cause
- Developing and Managing Plans
  o Business continuity plans can be created to address the strategic, tactical, and operational requirements of the organization.
  o The plans should be determined by the response structure and business continuity solutions agreed in the Design stage.
Validation (PP6)

Validation is the Professional Practice within the business continuity management lifecycle that confirms the business continuity program meets the objectives set in the policy and that the plans and procedures in place are effective.

The purpose of Validation is to ensure that the business continuity solutions and response structure reflect the size, complexity, and type of the organization and that the plans are current, accurate, effective, and complete.

There should be a process in place to continually improve the overall level of organizational resilience.

Validation is achieved through a combination of the following three activities:

1- Exercising
   A process to train for, test, assess, practice, and improve the business continuity capability of the organization

2- Maintenance
   A process to ensure that the organization’s business continuity arrangements and plans are kept relevant, up-to-date, and operationally ready to respond

3- Review
   A process for assessing the suitability, adequacy, and effectiveness of the business continuity program and identifying opportunities for improvement