IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE - PowerPoint PPT Presentation

About This Presentation
Title:

IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE

Description:

implementing business continuity: a bank of england perspective stephen p collins bank of england – PowerPoint PPT presentation

Number of Views:170
Avg rating:3.0/5.0
Slides: 17
Provided by: Rebecc266
Category:

less

Transcript and Presenter's Notes

Title: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE


1
IMPLEMENTING BUSINESS CONTINUITY A BANK OF
ENGLAND PERSPECTIVE
  • STEPHEN P COLLINS
  • BANK OF ENGLAND

2
FOR AN EFFECTIVE CONTINGENCY PLAN, YOU NEED TO
EFFECTIVE PLANNING
  • Understand your business what are the key
    activities?
  • Assess the impact on your institution and on
    others of not being able to carry them out.
  • Establish recovery time objectives the point
    where loss of a key activity becomes critical to
    the business.
  • Estimate what is required to provide an
    acceptable level of service, eg- minimum
    staffing levels over time- minimum work-station
    and telephony requirements over time- minimum
    PC and server requirements over time-
    application requirements over time

3
RESILIENCE MEASURES
  • Planning
  • Testing/Exercising
  • Contingency Sites
  • IT Resilience
  • Split-Site Working
  • Remote Access
  • BlackBerries

4
SCENARIO PLANNING
  • What are we planning for ?
  • Five possible types of event
  • SERVICES Loss of power, water, sewage to Bank
    locations
  • COMMUNICATIONS Loss or severe degradation of
    public and/or private telephone networks,
    including mobile networks
  • SYSTEMS Acute systems failure (eg successful
    virus attack)
  • STAFF Significant numbers of staff
    unable/unwilling to travel to work (eg transport
    disruption, civil emergency, flu pandemic)
  • PREMISES Loss of access to single or multiple
    Bank locations (eg fire/ flood/ bomb/ something
    worse)

5
HIERARCHY OF PLANS
  • Bank of England uses an integrated 3-tier
    structure of business continuity plans
  • High level plan
  • Used by executive and senior management provides
    an outline plan of action, assigns
    responsibilities, identifies key people, and sets
    out who will be involved in the recovery process.
    Written and maintained by Business Continuity
    Division.
  • Core and Crisis Function checklists
  • Each function has an individual Action Summary
    checklist which briefly sets out the key actions
    required to cover each function. These are
    brief, cut across areas, and are in note format.
    Set format, but maintained by lead areas.
  • Local area plans
  • These set out what each area needs to do in the
    aftermath of an operational disruption, and who
    is responsible. Covers both core/ crisis
    functions and other functions. Are more detailed
    and cover a longer time frame. We do not impose
    any set format for these plans.

6
Business Continuity planning structure and
ownership
Drafting and testing responsibilities
Plan ownership
Executive Team
Business Continuity Division
Local Area management
BCD and local areas
All Staff
7
WHY TEST?
  • To check the assumptions implicit in your plan
  • To check that all parties have sufficient
    knowledge of the plan, and that the plan is
    adequately documented
  • To check that proposed actions are achievable
  • To check business resilience
  • To check that strategies, technology are
    appropriate
  • To generate confidence in the plan

8
WHAT SHOULD YOU TEST?
  • Processes, not individuals
  • Communication strategies
  • External interaction (customers, media, etc)
  • Contacting staff
  • Plan content
  • Logical, realistic, no assumptions
  • Interdependencies
  • Internal external, including links with civil
    authorities
  • Technology solutions
  • Component level, data centres, data restoration
  • Alternative locations
  • Recovery sites, reciprocal arrangements

9
GENERIC FORMS OF TESTS
  • Review of local area plans (do they complement or
    conflict?). Undertaken by a third party.
  • Tabletop walk-through. Undertaken by the people
    mentioned in the plan talk-through a given
    scenario. Focus on training, familiarisation
    with roles, procedures, responsibilities. But no
    need to arrange elaborate facilities or
    communications.
  • Simulation. Uses a predefined scenario. May be
    announced or unannounced. As realistic as
    possible. Takes place in real time. May bring
    in players to act the roles of external bodies.
    May test facilities, communications, systems.
    All decisions and actions generate real responses
    and consequences from other players
  • Tests of kit, individual processes, premises.

10
Types of tests used at the Bank of England
  • Phone cascades
  • Desk-top scenario walk-throughs
  • Acted-out exercises (testing crisis functions)
  • Real-time scenario-based crisis management
    exercises (both internal and market-wide)
  • Connectivity (kit) tests
  • Invacuation and evacuation tests
  • Live working from contingency sites

11
MARKET WIDE EXERCISE - HISTORY
  • Annual exercise to test the resilience of
    financial sector.
  • First MWE in 2003
  • Previous scenarios have included floods, and
    bombs desktop and live-exercise simulation.

12

MWE 2006
  • Human influenza pandemic.
  • 70 UK firms took part with some 4,000
    participants.
  • Largest ever business continuity exercise.
  • 6 week rising tide scenario covering several
    months in exercise time.
  • Starting at WHO stage 4 (limited human-to-human
    transmission) to stage 6 (widespread, worldwide
    impact.)

13
  • THE TRIPARTITE AUTHORITIES
  • HM TREASURY
  • BANK OF ENGLAND
  • FINANCIAL SERVICES AUTHORITY

14
GOVERNMENT/EMERGENCY SERVICES
COBR
Gold
DMO
HMT
TRIPARTITE AUTHORITIES
Standing Committee
BC Sub-Group
FSA liaison
BoE liaison
Tripartite Press Group
CMBCG
FSC website/ Teleconference
All
Firms Counterparties Exchang
es Markets Clearing Houses Payment
Systems Settlement systems
Members/ Participants
Other groups
MMLG
FXJSC
FINANCIAL PRIVATE SECTOR
15
SCHEMATIC OF TRIPARTITE/MARKET LIAISONFOR CRISIS
MANAGEMENT
  • Tripartite elements -
  • Tripartite/market elements -
  • Wider government elements -
  • Tripartite/government elements -
  • Tripartite/market info. exchange -
  • Tripartite/wider government links -
  • Tripartite info. to market -

16
GLOSSARY
  • BC Sub-Group Business Continuity Sub-Group of
    the Tripartite Sub-Committee
  • FSA Financial Services Authority
  • BoE Bank of England
  • HMT Her Majestys Treasury
  • DMO Debt Management Office
  • COBRA Cabinet Office Briefing Room
  • Gold Strategic Planning Committee
  • FSC Financial Sector Continuity Website
    (www.fsc.gov.uk)
  • CMBCG Cross Market Business Continuity Group
  • MMLG Money Markets Liaison Group
  • FXJSC Foreign Exchange Joint Standing Committee
Write a Comment
User Comments (0)
About PowerShow.com