andrew pettitt business continuity senior consultant
TRANSCRIPT
![Page 1: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/1.jpg)
BS 25999 Certification Essentials
Andrew PettittBusiness Continuity Senior ConsultantSunGard Availability Services Professional Services
![Page 2: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/2.jpg)
Essentials
Getting the fundamentals rightStrategies - covering all the basesImplementation – birth pains?Learning to walk then runWeaving continuity into the fabric of your organisation
![Page 3: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/3.jpg)
BCM Lifecycle (BS25999)
understanding the organisation
developing and implementing
a BCM response
exercising, maintenance
and review
determining BCM
strategies
BCMprogramme
management
![Page 4: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/4.jpg)
Getting the fundamentals right?
What to plan for? – Business-type functions?– Statutory obligations?– Emergency-type activities?
Silo approach evident in many organisationsApproach to BC disjointed
– Left hand doesn’t know what right hand is doing
– Wasteful– Time-consuming
![Page 5: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/5.jpg)
understanding the organisation
developing and implementing
a BCM response
exercising, maintenance
and review
determining BCM
strategies
BCMprogramme
management
Jumping the gun
Pharmaceutical Company
IT Recovery Contracts in place
Workplace Recovery in place
BUT– No BIA completed
– No strategy development
![Page 6: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/6.jpg)
Jumping the gun
BIA showed
Inappropriate RTOs and RPOs for IT
Existing recovery “plans” beyond capabilities of staff
Fundamental misunderstandings of business processes at senior level
Unnecessary expenditure– Paying for a Ferrari solution– Needed a motorbike-sidecar
and a Transit van instead
![Page 7: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/7.jpg)
Jumping the gun
Understanding the organisation is fundamental to success of BC management
Shortcuts to implementation result in bad planning that won’t work and expensive mistakes
BS25999– Restates what we know anyway
and yet is often ignored – Top management should sign
this off– External review can pick up
mistakes BUT…
understanding the organisation
developing and implementing
a BCM response
exercising, maintenance
and review
determining BCM
strategies
BCMprogramme
management
![Page 8: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/8.jpg)
Strategies – covering all the bases
People– Continuity of core skills &
knowledgePremises
– Where do you go?Technology
– Appropriate RTOs and RPOsInformation
– Confidentiality, integrity, availability & currency
Stakeholders SuppliesTop management signs these off!
![Page 9: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/9.jpg)
Suppliers
Supplier dependencies– Ignore them?
– Accept vague assurances?
– Eliminate by bringing everything in-house?
– Carry out audit of their BCM?
Mostly ignore or accept “it’ll be alright on the night”
Get them to use BS25999!
understanding the organisation
developing and implementing
a BCM response
exercising, maintenance
and review
determining BCM
strategies
BCMprogramme
management
![Page 10: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/10.jpg)
Implementation
Time Line
Tim
e Ze
ro
Disaster Event!
Overall recovery objective:Back to normal as quickly as possible
The Disaster Timeline
Within minutes to hours:Staff & visitors accounted forCasualties dealt withDamage containment / limitationDamage assessmentInvocation of BCP
Emergency Response
Within hours to days:Contact staff, customers, suppliers, etc.Recovery of critical business processesRebuild lost work-in-progress
Business Continuity
Within weeks to months:Damage repair / replacementRelocation to permanent place of workRecovery of costs from insurers
Recovery - back to normal
© SunGard Availability Services (UK) Ltd
![Page 11: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/11.jpg)
Implementation
Incident Management Plans– Must be flexible, easy to use
and understandableContinuity Plans
– Often over-complex– “Never mind the quality, feel
the width” Implementing your response
– Not just about plans– People, technology,
communications etc.
![Page 12: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/12.jpg)
Walking then running
ExerciseTestRehearsePracticeKeep on doing it!!!
![Page 13: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/13.jpg)
The BCM fitness cycle
Develop Continuity
Update
Implement
Live Test
Exercise
Train
Update
Update
Audit BCP© SunGard Availability Services (UK) Ltd
![Page 14: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/14.jpg)
If you don’t……..
BCM atrophies
It becomes “mummified
It’s inaccurate, invalid, irrelevant
BS25999
Audit and self assessment
Suggested programme for exercising BCM strategies
I used to be aBusiness ContinuityManager…
coming to a business
near you
Dodgy Continuity presents:
![Page 15: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/15.jpg)
Weaving continuity into the fabric
Tell people about it!!!– Awareness training– Skills training– Leadership!
Involve people!– Build roles– Give responsibilities– Devolve– Involve in testing
![Page 16: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/16.jpg)
Going forward
BS25999 provides level playing field– Applicable to public, private and voluntary sectors
– Size doesn’t matter
– Links with CCA 2004, Companies Act 2006 & FSA Guidelines
– Being adopted in many EU countries and further afield as a de facto standard
Part 1 provides roadmap to improved BCM– Can be used to enhance current BCM
– Incentive for senior management to take it more seriouslyHelps get buy-in within an organisation
– Window of opportunity prior to Part 2
![Page 17: Andrew Pettitt Business Continuity Senior Consultant](https://reader031.vdocument.in/reader031/viewer/2022021800/620d1e767533624aaf33378a/html5/thumbnails/17.jpg)
Thank you