Business Continuity
Management (BCM)
Records Management
Name: Willem A Olivier MBCI
Date: November 2008
Agenda
• What is Business Continuity Management (BCM)
• Our changing world
• What is the relationship between BCM, Global Risks &
Records Management?
• Lost ‘Data’
• What can you afford to loose
• How to deal with the issue
BCM Life Cycle
Understanding Your Business:
Develop Continuity Strategies:
business impact and risk assessment tools are used to
identify the critical deliverables and enablers in your
business, evaluating recovery priorities and assessing the
risks which could lead to business interruption and/or
damage to your organisation’s reputation.
determining the selection of alternative strategies
available to mitigate loss, assessing the relative
merits of these against the business environment
and their likely effectiveness in maintaining the
organisation’s critical business functions.
Exercising & Plan
Maintenance:
ongoing plan testing, auditing
and change management of
the Continuity Plan and its processes.
Establishing the Continuity
Culture:
introduction of the Continuity Management process
by education and awareness of all stakeholders,
including employees, customers, suppliers and
shareholders.
Business
Continuity
Management
Life Cycle
Developing the
Response:
improving the risk profile through
improvements to operational procedures
and practices, implementing alternative
business strategies, using risk financing
measures (including insurance) and
building continuity plans.
Acknowledgements to the Business Continuity
Institute
3
World Economic Forum
WEF identified 5 new breeds of risks
• Economic
• Environmental
• Geopolitical
• Societal
• Technological
ContinuitySA
Presentation
Q1 2007
Economic
• USA budget deficit
• Chinese Economy
• Oil Price shock
• Stock market collapse
• Asset price blow up e.g. USA house prices
Environmental
• Shrinking supply of fresh water caused
by increase in human development
• Global warming
o
Climate change
o
Rising sea levels
Geopolitical
• Mass destruction
• Failing states - Zimbabwe
• Instability after end of Cold War
• Terrorism
• Global crime
• War - ME & Africa (water)
Societal
•
Pandemics
o Bird flu
o XDR TB
•
Illegal Immigration
o Underprivileged seeking better lives
• Crime
•
Civil unrest
Technological
• Viruses
• Power failure
• Telco infrastructure failure
• Ageing infrastructure
Risk Culture
Risk - Averse Culture
Risk - Aware Culture
• Low degree of "psychological
safety" — can't discuss risk
openly
• Avoids risk/responsibility
• Hides problems
• Assigns blame when things go
wrong
• Doesn't learn from failures
• Avoids opportunities because
they have risks
• High degree of "psychological
safety" — open discussions
about risks and strategies for
managing them are the norm
• Accepts (calculated) risk
• Learns from (managed) failures
• Shares risks and risk
management
• Can act on opportunities as well
as risks
Key Contributors to Runaway Risk
• Ineffective Governance
• Uncontrolled Complexity
• Management Inattention or Indifference
The Relationship
What is the relationship between BCM, Global Risks &
Records Management?
Ask yourself, what happens if:
•
your office burns tomorrow? (Casanove Bank)
•
your backup tapes are damaged? (Fire, lost, stolen or don’t work)
•
your archives are destroyed (Pretoria municipality)
•
national archives destroyed (911 – Helen Keller & others)
•
bank’s voucher processing or securities storage is damaged by fire
•
medical aid company’s medical claims process is damaged by fire
The Relationship
• An unmitigated risk provides the
opportunity for a disaster
• BCM deals with risk, impact, planning and
how to deal with a disaster
• Records management is an integral part of
ensuring ‘data’ is not lost
Lost ‘Data’
Ask yourself: how much information,
documents, archives, data etc. can you
afford to loose in the event of a disaster?
What Can You Afford To Loose
B/U
Sunday
B/U
Monday
B/U
Tuesday
B/U
Wednesday
B/U
Thursday
B/U
Friday
B/U
Saturday
11am – Fire in building
Example: Medical Aid Company with 24x7 Call Centre, claims processing, back
office etc.
How much can you afford to loose before the impact is more than the
cost of risk mitigation
How To Deal With The Issue
•
Records Management is not only important in
Production, you will also need it in the event of a crisis
•
What are the steps
Understanding your Business
• Stage 1
•
Business Impact Assessment
•
Risk Assessment
•
Know what the impact
will be if you loose
Stage 1
Understanding
Your
Business
Stage 5
Exercising
Maintenance
Audit
records
Stage 4
Building
BCM
Culture
Stage 6
Program
Management
Stage 2
Business
Continuity
Strategy
Stage 3
BCM
Response
17
Strategy
• Stage 1
•
Use Assessment information
•
Build strategy
•
Strategy must align
with corporate IT strategy
Stage 1
Understanding
Your
Business
Stage 5
Exercising
Maintenance
Audit
Stage 4
Building
BCM
Culture
Stage 6
Program
Management
Stage 2
Business
Continuity
Strategy
Stage 3
BCM
Response
18
Planning
• Develop plans to
•
Develop Continuity Plans
•
Plans must include manual
process
•
Records retrieval process
Stage 1
Understanding
Your
Business
Stage 5
Exercising
Maintenance
Audit
must be documented
Stage 4
Building
BCM
Culture
Stage 6
Program
Management
Stage 2
Business
Continuity
Strategy
Stage 3
BCM
Response
19
Training, Education & Awareness
• Create awareness
Stage 1
Understanding
Your
Business
• Train staff
Stage 5
Exercising
Maintenance
Audit
Stage 4
Building
BCM
Culture
Stage 6
Program
Management
Stage 2
Business
Continuity
Strategy
Stage 3
BCM
Response
20
Test, Test, Test…..
•
Test plans
•
Test systems
•
Test retrieval process
•
Test manual procedures
•
Test backups &
•
backup strategy
Stage 1
Understanding
Your
Business
Stage 5
Exercising
Maintenance
Audit
Stage 4
Building
BCM
Culture
Stage 6
Program
Management
Stage 2
Business
Continuity
Strategy
Stage 3
BCM
Response
21
Keep going!
•
This is not a once off process
•
Remember change
•
Don’t become complacent
•
This is not just for the
Stage 1
Understanding
Your
Business
Stage 5
Exercising
Maintenance
Audit
select few
Stage 4
Building
BCM
Culture
Stage 6
Program
Management
Stage 2
Business
Continuity
Strategy
Stage 3
BCM
Response
22
Closure
Records Management is part of our lives on a daily basis
We all deal with it in way or another, like it or not
Thank You
Remember to visit our stand in the main building,
chat to us and enter our lucky draw & free gifts