Business continuity standard BS-25999

Post on 10-Apr-2015


DESCRIPTION

BS-25999 is a business continuity management standard.

TRANSCRIPT

Anil J Jhumkhawala, Director-Compliance. Qualification:

B.Com (Hons), LL.B, CAIIB, ACS, Company Secretary, BS-25999 LA, Computer forensic (Gov of India), cVa™.

Task force member GRC.

5/22/2009©Anil copyright protected 1


BCM Program Management

Financial Risk

Business risk

Technology risk

Environmental risk

Human risk

BCM

1. Understanding Definitions
2. Identifying critical activity
3. BIA
4. IMP, IRS, MTPoD, RTO
5. Maintain & Review
6. Exercise BCM
7. Internal audit
8. Certification

1. Overview

2. BCM Prog I

3. BCM Imple


Source: Standard BS-25999


Understanding the organization: Key product, services, critical activities, objectives, stakeholder’s obligations, statutory bodies, BIA, Impact of Disruption, MTPoD, RTO, continuity Requirements, Staff, people, technology, suppliers, Risk acceptance, Transfers, changes.

Business Continuity strategy: Reduce Likelihoods, continuity to critical activity resumptions, People, permission, technical, Information, supplies, shareholders, signatories etc.

Exercising Maintain, Review, preventive actions, corrective actions and follow-up and training.

Developing and Implementing Resource Team: critical activity, application strategy, Incident Response, structured plans, control plans, Incident Management plans (IMP), Media response, location, Resource requirements.

BCM Programme Management: organisation approach, appointment of senior, communicate, training, exercise, review, BIA, policy, BCM scope, IRS, SLA, etc.

Understanding need of Continuity - Policy

Implementing operating control - Overall Risk

Monitoring review effectiveness - BCMS

Continual improvement

Need - Risk - At par - Global Requirements - Changing world


Key components - BCMS as per BS-25999


BCM culture

Stakeholders' confidence

Risk management

Improve Net Asset Value

Reduce cost

Increase Revenue

Maintain, Review, Exercise, Internal Audit

Key Products/services

Critical activity

Sites/locations

Number of Employees

Incident response structure

MTPoD / RTO

Incident management Plans

Likelihood of events

MASTER PLANNING


IMP

Define scope

• Acceptable - interest stakeholders

Policy - commitments

• Minutes - address concern

• Limitation - exclusion

Resources

• Roles - defined - documented

• Reinforce commitments


Necessary competency of personnel assigned

Embedding culture

Records

Roles

Training

Measure

Awareness to All

BCM objective

value


Strategy Map - Documentation

BCM manual scope 3.4.1

BCMS INTERNAL PROCESS

Controls

Maintenance

Increase Revenues - Confidence

Continual Improvement 6.2

Management Review 5.2

Documented Procedure 3.4.1.3

Internal audit - Preventive - corrective actions 5.1 - 6.1 - 6.2

Risk assessment

improve finance

Processes 4.1.2

BCM Policy 3.2.2

Provision of Resources 3.2.3

Competency - skills, Training 3.2.4

BIA & BCM Exercising 4.1.1 & 4.4.2

BCS & IRS 4.2 & 4.3.2

Scope - Objective 3.2.1

BCP & IMP 4.3.3

Control of Records 3.4.2

Control of documentations 3.4.3


Documented Procedure shall - control over BCMS Documentation and records.

Documented Procedure shall - for preventive actions 6.1.2

Documented Procedure for corrective actions 6.1.3


BCM owner from the Board

• MR

• Silver Team

• H.R (Trainer)

• Gold Team

Suppliers Contractors

Shareholders Bankers

Creditors


BIA

Critical

Maintain

• IMP

• IRS

• MTPoD

• RTO

• Preventive

• Corrective


MR

GOLD

IRS

IMP

SILVER


MR GOLD

SILVER BOD


audit

maintain

exercise

Review


Media

UNDERSTANDING Incident management plans

Incident strategy, Manage and maintain, Guidance and Templates, Appointed spokesman

Restoration of critical activity

Relevant arrangement, External Organisation

Managing issues, Employee - Relatives

Stakeholders, media

Provide convenient access to communicate.

Methods - contacts, Agencies locations

Guideline criteria To Invoke

Consequences, Welfare of individuals

Process standing, Once incident is over

Improve key reference Information

Define roles and Responsibilities

Managing Incident processes

Media response, Identify needs and Lines of Communications

Reviewed, Owned - Responsible

Accessible and understood

Each Plan shall define Purpose and scope

Management

INTERNAL PROCESS

IMP


Audit notes

Evidence

Audit Records

Audit Process

Audit plans

• Audit Programme shall be planned, established, implemented for BIA, RA, controls.

• Shall address responsibilities, competencies, planning, audit criteria.

• Shall be maintained for verifications.

• Mitigation measures

• Help to improvise


BS-25999

Preventive

Corrective

Exercise

Procedure

Document

BIA

IMP IRS


Thank You


Anil.jhumkhawala@gmail.com, anil@securematrix.in
