
BCMS Awareness 1.0

This document provides an overview of business continuity management systems (BCMS) and ISO 22301, the international standard for BCMS. It defines key terms related to BCMS such as business continuity, risk management, and recovery time objective. The document outlines the objectives, benefits, and implementation steps of a BCMS. It also describes the constituents of an effective BCMS and defines roles and responsibilities in crisis management.

Uploaded by

akdmech9621

Awareness Training

ISO 22301: 2012

Contents
• Key Definitions
• About BCMS
• BCMS Objectives
• Benefits of BCMS
• BCMS Standard ISO 22301
• Implementation Steps
• Do’s and Don'ts
Key Definitions
Business Continuity
It is the strategic and tactical capability of the organization to plan for and respond to
incidents and business disruptions in order to continue business operations at an
acceptable predefined level.

Business Continuity Management
• Holistic management system that identifies potential threats and helps assess their impact on
the organization
• Provides a framework for building organizational resilience with the capability for an effective
response that safeguards the interests of its key stakeholders, reputation, brand and value-creating
activities

Disaster Recovery Plan
A Disaster Recovery Plan (DRP) is a business plan that describes how work can be resumed quickly and
effectively after a disaster. Disaster recovery planning is just one part of business continuity planning and
is applied to aspects of an organization that rely on support infrastructure to function.
The overall idea is to develop a plan that will allow the concerned department(s) to recover enough data
and system functionality to allow a business or organization to operate, even if only at a minimal level.
The creation of a DRP begins with a DRP proposal to achieve upper level management support. Then a
business impact analysis (BIA) is needed to determine which business functions are the most critical and
the requirements to get the business/functional components of those functions operational again after a
disaster, either on-site or off-site.
Key Definitions
Risk Management
Process of identifying, controlling and minimizing or eliminating management/system/business/security
risks that may affect information systems, for an acceptable cost

Interested Party
Person or organization that can affect, be affected by or perceive themselves to be affected by a decision
or an activity

Incident
A situation that might be, or could lead to, a disruption, loss, emergency or crisis.

Invocation
Act of declaring that an organization's business continuity arrangements need to be put into effect in order
to continue delivery of key products or services
Key Definitions
RPO
Point to which information used by an activity must be restored to enable the activity to operate on
resumption

RTO
Period of time following an incident within which:
• Product or service must be restored, or
• Activity must be resumed, or
• Resources must be recovered
BCMS
Management system that establishes, implements, operates, monitors, reviews, maintains and
improves business continuity.

The management system includes organizational structure, policies, planning activities,
responsibilities, procedures, processes and resources.
BCMS Policy
Organization shall ensure safety of its people and continuity of
critical business operations that support delivery of key
products and services provided by Sterlite, while abiding by
legal and regulatory obligations, by developing,
implementing and continually improving an organization-wide
Business Continuity Management System.
BCMS Objectives
• Ensure safety of human resources in the event of crisis
• Increase shareholder value & sustainable returns;
• Growth of revenue by retaining & expanding customer base;
• Improve operational efficiency;
• To drive innovation in delivery of Products & Services;
• To ensure compliance with Legal and Regulatory bodies;
• To ensure effective risk management and business continuity; and
Standards for BCMS
• BS25999-1: Code of Practice – Best practice, not auditable
• ISO 22313: Business continuity management systems — Guidance
• BS25999-2: Requirements – Shall statements, auditable
• ISO 22301: Requirements – Shall statements, auditable
Benefits of BCMS
• Proactively identify the impacts of an operational disruption
• Effective response mechanism in place, which minimises the
impact of natural and man-made disruptions on Sterlite;
• Ability to manage uninsurable risks;
• Encourage cross-team working between delivery and other Business
Functions (HR, Finance, SCM etc.)
• Demonstrate a credible response through a process of exercising
• Enhance reputation of Sterlite and gain a competitive advantage,
conferred by the demonstrated ability to maintain delivery
Why Business Continuity
Disasters … possibility

Natural
• Flood
• Earthquake
• Cyclone/Hurricane
• Tsunami
• Pandemic

Man-made
• Fire
• Neighborhood Hazards
• Terrorism/Act of War
• Power Failure/Lack of fuel
• Technical faults
Why Business Continuity
What can disrupt your business?
• Fire
• Flood
• Terrorism
• Hackers
• Power
• IT
Business Continuity Management System
BCM:
• Identify the organization's key products and services
• Identify the prioritized activities and resources required to deliver them
• Evaluate the threats to these activities and their dependencies
• Put arrangements in place to resume these activities following an incident and
• Make sure that these arrangements will be effective in all circumstances.
PDCA for BCMS
Plan (Establish)
- BCMS policies and procedures
- BCMS objectives in accordance with overall organizational objectives

Do (Implement & Operate)
- Conduct business impact analysis and identify minimum operating requirements
- Conduct risk assessment and identify recovery strategies for those risks
- Prepare business continuity plan, crisis management plan, site emergency management plan etc.

Check (Monitor & Review)
- Performance evaluation of BCMS
- Conduct business continuity & disaster recovery drills
- Undertake internal audits and management reviews
- External audits against standard ISO 22301
- Identify non-conformities and corrective actions

Act (Maintain and improve)
- Execute non conformities, preventive and corrective actions
- Ensure continual improvement of the management systems
During Crisis
[Figure: crisis timeline. Stages shown: INCIDENT, Incident Detection & Escalation, Emergency Response & Incident Assessment, Invoke Business Continuity, Return to Normal. Axis: Recovery Time lines]
BCMS Constituents
EFFECTIVE BCM IS BUILT ON 7 P’s
• Programme - the total BCM strategy
• People - Roles and responsibilities, H&S, awareness and education
• Processes - all organisational processes including ICT
• Premises - buildings & facilities
• Providers - supply chain inc. outsourcing
• Profile - brand, image and reputation
• Performance - benchmarking, evaluation & audit
Risk Management
“Process of identifying, controlling and minimizing or
eliminating security risks that may affect information
systems, for an acceptable cost”
BCMS Roles – Crisis Management
Immediate Disaster Response (IDR) Teams

CMT - Crisis Management Team
Gathers incident assessment details from DAT and takes the decision to invoke network recovery/
business continuity

DAT - Damage Assessment Team
1. Assesses the damage, communicates the collated info to CMT & assists in decision making
2. Based on CMT’s decision, evaluates & finalizes recovery options and directs ORT to perform recovery steps

ORT – Operations Recovery Team
Obtains inputs from DAT, performs recovery steps and reports the progress to DAT

RST – Recovery Support Team
Supports ORT on recovery procedures being implemented
BCMS Roles & Responsibilities
All Employees

BCMS Roles during Development, Implementation and Maintenance
Awareness: Employees must be aware of
• BCMS Policy
• BCMS Objectives
• BCMS Roles
Participation: Employees must participate in
• Evacuation Drills
• Updating Contact Information in HRMS database
• Call Tree Testing
• BCMS Training & Awareness

BCMS Roles during Crisis
Report
• Report any incident or event which is a threat (e.g. fire) to Incident Response Personnel/Reporting Manager
• Report any suspicious activities around
Follow
• Follow the instructions provided by the management
• Follow the threat specific guidelines for health and safety of all employees
For more details visit
www.apexally.com
Spreading prosperity…

ABC/GEN/02 Reach us at: 9971716430
