Scribd Logo
Upload

Welcome to Scribd!

  • 5 views

    2015-04-12.1 BCM Kuwait Presentation Wolfgang Mahr

    Uploaded by

    Tawfik Soukieh
    3

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    2015-04-12.1 BCM Kuwait Presentation Wolfgang Mahr

    Uploaded by

    Tawfik Soukieh
    5 views22 pages
    3

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    3

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    5 views22 pages

    2015-04-12.1 BCM Kuwait Presentation Wolfgang Mahr

    Uploaded by

    Tawfik Soukieh
    3

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 22

    Dr. Wolfgang H. Mahr, M.Sc.

    , BBA, MBCI,
    CISA

    governance & continuuuity gmbh


    CH-8408 Winterthur, Switzerland
    www.continuuuity.ch
    LinkedIn, XING, Twitter
    wolfgang.mahr@continuuuity.ch

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page1


    20-22 April 2015
     Why a BIA?
     BIA in the BCM Lifecycle
     Outcomes of the BIA
     BIA supporting BCM Goals
     ISO 222317 on the BIA
     BIA Approaches
     Challenges when doing a BIA
     Sokrates Maps –what’s this?
     Sokrates Maps Benefits and Applications
     Sokrates Maps for the BIA
     BIA Critical Success Factors

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page2


    20-22 April 2015
    This contribution underlines the fundamental importance of the one of the most important
    phases in the BCM lifecycle – the BIA.

    Other - subsequent - phases such as selecting one or more business continuity strategies
    or the formulation of a BC plan, exhibit a much smaller space of choices than the BIA,
    which is primarily an information gathering stage, charged with understanding the
    business.

    Critically important information needs to be unearthed and, ideally, not one important
    aspect must be omitted or forgotten. This is the reason why ISO TC 292 (formerly 223),
    after developing ISO 22301 and ISO 22313, has embarked on developing a standard on
    the BIA: ISO 22317. It is being presented in another contribution at this conference.

    This paper focuses on a visualization and presentation method newly applied to the BIA
    process, in order to better understand a company’s processes, resources and their
    interdependencies.

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page3


    20-22 April 2015
     BCM is a cyclic process
     BCM is based on continuous improvement
     BIA makes you know your processes better
     BIA is the base for the subsequent development of one or more
    Business Continuity Strategies
     …

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page4


    20-22 April 2015
     Increasing the efficiency of the organisation
     Evaluate alternative strategic planning options
     Assist in long-term strategy decision making
     Assist in developing a risk analysis
     …

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page5


    20-22 April 2015
    BIA in the BCM lifecycle

    Reference: The Business Continuity Institute

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page6


    20-22 April 2015
    BIA in the BCM lifecycle

    Reference: ISO 22301:2012

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page7


    20-22 April 2015
     Major outcomes include:
    ◦ Validation of the organisation’s BC programme scope
    ◦ Identification of requirements the organisation
    ◦ Determination of impacts, over time (of disruptions)
    ◦ Identification of relationships between
     Products/services
     Processes
     Activities
     Resources
    ◦ Resources needed to perform prioritised activities
     Such as facilities, people, assets, supplies, financial resources
    ◦ Dependencies and interrelationships
    ◦ …

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page8


    20-22 April 2015
    BIA supporting BCM Goals
     Protecting company value and reputation
     Safeguards the reputation and future of the company in an
    emergency
     Increase shareholder value and demonstrates commitment by
    management
     Assures the survival of the company in the case of a serious incident
     Minimize financial losses in case of an incident or emergency

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page9


    20-22 April 2015
    ISO/TS 22317 on BIA
     Developed by ISO TC292 (“Security and Resilience”)
     Currently as DTS (Draft Technical Specification)
     To be published within the next couple of months
     Based on ISO 22301, ISO 22313 and ISO 22300
     Focus on Performing the BIA:
    ◦ Project Planning and Management
    ◦ Product and Service Prioritisation
    ◦ Process Prioritisation
    ◦ Activity Prioritisation
    ◦ Analysis and Consolidation
    ◦ Top Management Endorsement of BIA Results
     Annexes on
    ◦ Terminology Mapping
    ◦ Information Collection Methods
    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page10


    20-22 April 2015
    BIA Approaches

     Gold, Silver, Bronze


     Strategic / Tactical
     Iterations
     Questionnaires
     Workshops
     Interviews
    ◦ Middle Management
    ◦ Process Owners

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page11


    20-22 April 2015
    Challenges when doing a BIA
     Commitment
     Level of effort
     “Right” effort
     Correctness /Completeness
     No excessive overlap / no white spots

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page12


    20-22 April 2015
    Sokrates Maps – what’s this?

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page13


    20-22 April 2015
    Sokrates Maps – what’s this?

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page14


    20-22 April 2015
    Sokrates Maps – what’s this?

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page15


    20-22 April 2015
    Sokrates Maps – Benefits
     Benefits
    ◦ Foundation of method
    ◦ Psychological background
    ◦ Common view across hierarchies and disciplines
    ◦ Discover new:
     Ideas
     Facts
     Relationships
     Dependencies
     Communicate & visualize
     Hierarchical view on complex situations
     Electronic representation, communication and archiving

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page16


    20-22 April 2015
    Sokrates Maps - Applications

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page17


    20-22 April 2015
    Sokrates Maps - Applications
     Board Level view of a
    hospital:
     Get the big picture
    ◦ Based on details

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page18


    20-22 April 2015
    Sokrates Maps - Applications

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page19


    20-22 April 2015
    Sokrates Maps for BIA
     Visualisation of the standards (psychological foundation)
    ◦ ISO 22301, ISO 22317 (maturity model)
     Assessment tool, BIA support tool
    ◦ Presentation of BIA findings (electronic representation,
    communication and archiving)
    ◦ Usage as questionnaire (maturity model, psychological foundation)
     Single person or in workshops
    ◦ Visualisation (hierarchical, common view across disciplines)
     Overlaps (discover ideas, facts, relationships, dependencies)
     Gaps (discover ideas, facts, relationships, dependencies)
     Redundancies (discover ideas, facts, relationships, dependencies)
    ◦  Enhanced BIA quality and maturity

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page20


    20-22 April 2015
    BIA Critical Success Factors
     Follow best practices such as
    ◦ BCI’s Good Practice Guidelines and/or
    ◦ ISO Standards such a ISO 22301, ISO 22313 and ISO/TS 22317
     Obtain top management commitment
     Apply project management methodologies
     Follow a BIA approach fit for the selected type of BIA
     Use an approach compatible with the company’s structure
     Deploy tools helping to obtain a “true and fair” representation of
    products, services, priorities, dependencies and requirements
     Develop a hierarchical view on complex situations
     Use electronic representation, communication and archiving

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page21


    20-22 April 2015
    Thank you

    2015-04-12-.1

    © 2015 Kuwait Business Continuity Conference Page22


    20-22 April 2015

    You might also like