Business Continuity The Challenges of the 21st Century

1
Business Continuity The Challengesof the 21st
Century
The transformation of traditional disaster
recovery planning to a value driven process
endorsed and sponsored by the business process
owners
2
Todays Topics

• Emergence of a New Business Continuity Model
• Organizing Business Led Continuity
• Continuity as a Business Enabler

3
Changes in BCM Ownership
Emergence of the New BCM Model

• KPMG and Contingency Planning and Management
  magazine performed a BCM survey based upon 778
  respondents across all major industries. The
  survey was conducted prior to September 11, 2001.

4
Recovery times are shorter, education is lacking
Emergence of the New BCM Model
5
Traditional Continuity Model
Emergence of the New BCM Model

• Historically, IT has led the push or pull for
  recovery planning
• Therefore, business executives focused only on IT
  disasters or events
• IT has lead or managed the project, not the
  ongoing process
• IT excels at managing projects
• Business excels at managing processes
• Focus is usually data center (raised floor)
  operations including hardware, applications, and
  databases
• IT is usually very good at covering themselves
  (backups, etc.)
• Recovery planning has not included the businesses
• Common thinking is that the IT group knows the
  critical applications

6
Emerging Business Continuity Model
Emergence of the New BCM Model

• C-level executives are on board
• Since September, more executives and boards are
  asking the question are we covered?
• Cross business unit steering committees are
  formed and led by business
• IT is a supporting or enabling component
• Adequate funding is provided
• The business units fund the projects
• Corporate communication provides awareness
  programs both internal and external
• Education and support of employees is critical
• External awareness will provide increased
  confidence from customers, the public and vendors
• IT Recovery becomes a piece of the pie

7
Concepts of Business Continuity Management - An
Integrated Process within the Business -
Emergence of the New BCM Model
(Address Business Continuance And Business
Processes)
Business Continuity Plan(s)
Line of Business
Line of Business
Line of Business
Line of Business
Disaster Recovery Plan
IT Infrastructure
(Address IT Service Recovery)
Crisis Management Plan
Facilities
(Address facilities and personnel)
8
Importance of Business Led BCM
Emergence of the New BCM Model
Issues
Consequences
People

• Whos in charge and what are they responsible
  for?
• Where does everyone go? Which ones go where?
• How do you inform people? Who else needs to be
  told?
• How long does this all take? Can you afford it?

• People make best choice at the time for
  themselves
• No means to reliably contact, direct, or
  coordinate personnel or other communications
• Unable to determine recovery time required

Processes

• Which processes were affected - and what are the
  consequences?
• Can we protect our financial positions?
• Where else are the business processes performed?
  
• How long can the process be down?
• What will the customers and public reaction be?

• Processes that can continue depend on ad hoc
  personnel decisions, with incomplete access to
  systems, data, customers, and lack of control
• Business processes from this location are
  suspended
• Product cant be positioned without application
  services

Technology

• What data was lost?
• Do employees/customers have access to data?
• How do we re-establish data service connectivity
  to alternate sites?
• How do we reconnect to the business processes?

• Undetermined amount of data is lost
• Technology Infrastructure is not available from
  this location, including any unique and critical
  applications
• Improper shut down resulted in lost or corrupted
  data and incomplete transactions
• Connectivity and networks are not available

9
Getting the Business Engaged
Organizing Business Led BCM

• Development of a Corporate Business Continuity
  Mission Statement and Policy
• Protection of people and assets as well as
  information
• Ensure business as usual in the event of disaster
• Preserve your reputation for stakeholders
• Develop communication to the employees, vendors
  and public
• Outline the policy and the commitment to safety
• Solicit feedback
• The plans are owned by the business
• The business has the responsibility
• The continuity group provides templates, guidance
  and expertise

10
Educate Executives on the Money Issue
Organizing Business Led BCM

• What are companies spending on Business
  Continuity Management?
• Depends on the Recovery Time Objective (RTO).
• The shorter the RTO, the greater the cost.
• 67 of surveyed companies state that their
  spending on BCM is inadequate.
• Conversely, only 30 of surveyed companies
  actually met their RTO when faced with a
  disaster. 70 did not.
• Current average spending on disaster recovery is
  3.7 of the IT budget. Best practice calls for
  6, and some industries such as finance, spend as
  much as 12 -15 of their IT budget on disaster
  recovery. - CPM Magazine

11
Let the business determine costs of downtime
Organizing Business Led BCM

• Perform a business impact assessment
• Learn the critical processes and their
  contribution to your companys bottom line
• Quantify the contributions
• Keep the formulas simple
• Make the results credible
• Ensure the buy-in from the business

12
Organizing Business Led BCM
Organizing the BCM from project to process

• Understand it is a project to create the process
  
• Information technology generally good at projects
  
• Business units are generally good at process
• BCM is an ongoing process
• Obtain Executive sponsorship to champion
• Select the steering committee/project
  organization
• Communicate to the organization the importance of
  BCM
• Approve funding for the resources required for
  successful BCM
• Resolve any issues
• Report to the Board of Directors, as necessary,
  the status of BCM activities within the
  corporation

13
Organizing Business Led BCM
Roles of the Steering Committee/Organization

• Develop the corporate BCM policy.
• Select managers from the corporation to support
  the continuity with the following tasks
• Lead the continuity efforts
• Determine continuity requirements
• Identify and task resources
• Manage the coordination between teams
• Develop an continuous process of maintaining
  current BCM planning

14
Organizing Business Led BCM
Organizational Structure
Executive Sponsors
Steering Committee
SENIOR EXECUTIVES
WHO PROVIDES THE SUPPORT?
WHAT ARE THE RECOVERY REQUIREMENTS?
BUSINESS UNIT EXPERTS
PROCESS DEFINITIONS
BCP EXPERTISE INTERNAL/EXTERNAL
BCP PLANNING
WORK LOCATION
FACILITIES
BU HR
PEOPLE
DATA CENTER APPLICATIONS
INFORMATION TECHNOLOGY
EMPLOYEE SAFETY
CORPORATE SECURITY
EXTERNAL PROCESSES
VENDORS
15
Business Continuity to Business Service
BCM as a Business Enabler
16
Evolution Of BCM to Availability Based Solutions
BCM as a Business Enabler
Traditional
Emerging
17
BCM as a Business Enabler

• Education on the 9/11 lessons learned
• Computer systems were operational, but the people
  and processes were not
• Thousands of workers were displaced