Professional Documents
Culture Documents
Types of Business Continuity Planning
Types of Business Continuity Planning
Types of Business Continuity Planning
Continuity Planning
• Introduction
• Objectives of BCP
• Approaches to BCP
• Dimensions of Scope
• Entry Points
• Q&A
If your focus is on
If your focus is on
If your focus is on
If your focus is on
Objective Approach
Infrastructure Business
Interruption
Office relocation Risks (BIR)
Dealing room Long term business viability
Brand image
Network Regulatory
Control room Client satisfaction
IT DRP Capacity
Network resilience Infrastructure risk
Server mirroring
i ons s s es i c es ts it
Equipment failures c t c e e rv ie n u n
un ro s cl ss
e s s f
ne s s p
uc t s /
it ic al
us i ne Business
u si n s i o d C r B
B Bu Pr
Source: Protiviti KnowledgeLeader http://www.knowledgeleader.com
Infrastructure
• Mainframe
• Networks
• Applications
• PCs and desktops
• Manufacturing infrastructure
• Logistical infrastructure
• Office locations
Source: Protiviti KnowledgeLeader http://www.knowledgeleader.com
Business
• Manufacturing
• Sales / order entry
• Payroll
• Dealing room activities
• Delivery
• Client communication
• Accounting and finance
Source: Protiviti KnowledgeLeader http://www.knowledgeleader.com
Business Interruption Risk
P R O C E S S R I S K
OPERATIONS RISK EMPOWERMENT RISK FINANCIAL RISK
Customer Satisfaction Leadership Currency
Human Resources Authority Interest Rate
Product Development Limit Liquidity
Efficiency Performance Incentives Cash Transfer/Velocity
Capacity Communications Derivative
Performance Gap Settlement
Cycle Time INFORMATION PROCESSING/ Reinvestment/Rollover
Sourcing TECHNOLOGY RISK Credit
Commodity Pricing Access Collateral
Obsolesence/Shrinkage Counterparty
Compliance Integrity
Business Interruption Relevance
Product/Service Failure Availability
Environmental
Health and Safety INTEGRITY RISK
Management Fraud
Trademark/Brand Name Erosion
Employee Fraud
Illegal Acts
Unauthorized Use
Reputation
Infrastructure Business
Interruption
Office relocation Risks (BIR)
Dealing room • TraditionalLong
approach
term business viability
• Very often limited to IT, then extended to
Brand image
"departmental" infrastructure or office
Network Regulatory
infrastructure
Control room • Very
Client often the business perspective is used to
satisfaction
assess criticality of infrastructure elements, and to
IT DRP Capacityjustify the cost (business impact analysis)
Network resilience Infrastructure
• Therisk
risk scope is limited to infrastructure risks
Server mirroring through analysis of threats (potential events)
i ons s s es i c es ts it
Equipment failures c t c e e rv ie n u n
un ro s cl ss
e s s f
ne s s p
uc t s /
it ic al
us i ne Business
u si n s i o d C r B
B Bu Pr
Source: Protiviti KnowledgeLeader http://www.knowledgeleader.com
Entry point: business
Infrastructure Business
Interruption
Office relocation Risks (BIR)
• Top-down approach
Dealing room Long term business viability
• Starting from a top-down analysis of the critical
Brand
business imageor processes.
domains
• For the critical business processes, assess the
Regulatory
Network
Control room dependencies and criticality.
Client satisfaction
• Often, the business interruption risk dimension is
IT DRP Capacityincluded into the business impact assessment,
Network resilience although
Infrastructure risk not always made explicit or limited to the
Server mirroring obvious business interruption risks.
i ons s s es i c es ts it
Equipment failures c t c e e rv ie n u n
un ro s cl ss
e s s f
ne s s p
uc t s /
it ic al
us i ne Business
u si n s i o d C r B
B Bu Pr
Source: Protiviti KnowledgeLeader http://www.knowledgeleader.com
Entry point: business risks
• Entering from looking at the business risks created by a
business interruption.
• Allows to include more than only the operational impact, for
instance product quality, brand image, health & safety, cash
flow, ... Infrastructure Business
• To manage these risks, next to BCP, other actions may be Interruption
included, for instance asset protection, supply chain
Office relocation
management, crisis management, media management,... Risks (BIR)
• Here we can provide the best added value
Dealing room Long term business viability
Brand image
Network Regulatory
Control room Client satisfaction
Capacity
IT DRP
Network resilience 2. Infrastructure risk 1.
Server mirroring
i ons s s es i c es ts it
Equipment failures c t c e e rv ie n u n
un ro s cl ss
e s s f
ne s s p
uc t s /
it ic al
us i ne Business
u si n s i o d C r B
B Bu Pr
Source: Protiviti KnowledgeLeader http://www.knowledgeleader.com
Risks
Assess risk
Accept or reject risk
Avoid risk, transfer risk or reduce risk to
acceptable level
Analyse performance gaps
Act to improve
Achieved by :
- Business Business-oriented,
- Risk risk-based
Geert Vancoppenolle
Brussels
+32 / 2 / 545.31.20
geert.vancoppenolle@be.arthurandersen.com