
Anil J Jhumkhawala, Director-Compliance. Qualifications: B.Com (Hons), LL.B, CAIIB, ACS, Company Secretary, BS-25999 LA, Computer Forensics (Govt. of India), cVa™. Task force member, GRC.

©Anil copyright protected

5/22/2009

1

BCM Program Management
BCM covers: business risk, technology risk, financial risk, environmental risk, human risk.


BCM
1. Overview
2. BCM Prog I
3. BCM Imple

Topics:
1. Understanding definitions
2. Identifying critical activity
3. BIA
4. IMP, IRS, MTPoD, RTO
5. Maintain & review
6. Exercise BCM
7. Internal audit
8. Certification


Source: BS-25999 standard


Understanding the organization: key products, services, critical activities, objectives, stakeholders' obligations, statutory bodies, BIA, impact of disruption, MTPoD, RTO, continuity requirements, staff, people, technology, suppliers, risk acceptance, transfers, changes.

Business continuity strategy: reduce likelihoods, continuity and resumption of critical activities, people, permission, technical, information, supplies, shareholders, signatories, etc.

BCM programme management: organisation approach, appointment of senior, communicate, training, exercise, review, BIA, policy, BCM scope, IRS, SLA, etc.

Exercising, maintaining and reviewing: preventive actions, corrective actions, follow-up and training.

Developing and implementing resource team: critical activity, application strategy, incident response, structured plans, control plans, incident management plans (IMP), media response, location, resource requirements.


BCMS cycle: understanding the need for continuity; policy; implementing operating controls; overall risk; monitoring and reviewing effectiveness; continual improvement of the BCMS.
Drivers: need, risk, at par with global requirements, a changing world.


Key components of the BCMS as per BS-25999


MASTER PLANNING
BCM culture; confidence; stakeholders; risk management
Maintain; review; exercise; internal audit
Reduce cost; improve net asset value; increase revenue
Incident management plans; incident response structure; MTPoD / RTO; likelihood of events
Key products/services; critical activity; sites/locations; number of employees


IMP

Define scope
• Acceptable interest of stakeholders

Policy commitments
• Minutes address concerns
• Limitations and exclusions

Resources
• Roles defined and documented
• Reinforce commitments


Embedding culture
• Awareness to all
• Training
• Records
• BCM objective and value
• Roles
• Measure
• Necessary competency of personnel assigned

Strategy Map - Documentation (BS-25999 clause references)
• BCM manual scope 3.4.1
• Documented procedure 3.4.1.3
• Maintenance; controls
• Continual improvement 6.2
• Management review 5.2
• Internal audit, preventive and corrective actions 5.1, 6.1, 6.2
• Increase revenues; confidence

INTERNAL PROCESS
• Risk assessment, improve finance processes 4.1.2
• BCP & IMP 4.3.3
• BCS & IRS 4.2 & 4.3.2
• BIA & BCM exercising 4.1.1 & 4.4.2

BCMS
• Scope and objective 3.2.1
• BCM policy 3.2.2
• Provision of resources 3.2.3
• Competency, skills, training 3.2.4
• Control of records 3.4.2
• Control of documentation 3.4.3

Documented procedures shall be established for: control over BCMS documentation and records; preventive actions (6.1.2); corrective actions (6.1.3).


BCM owner from the Board
• MR
• Silver Team
• H.R. (Trainer)
• Gold Team


Stakeholders: suppliers, contractors, creditors, shareholders, bankers.

BIA (MR, Silver and Gold teams)
• IMP
• IRS
• MTPoD
• RTO
• Preventive
• Corrective
Critical activity: maintain; IMP; IRS


BCM structure: MR, Gold, Silver, BOD


Audit, maintain, exercise, review


UNDERSTANDING: Incident management plans
• Media: incident strategy; appointed spokesman
• Management: manage and maintain guidance and templates
• Provide convenient access to communicate: employees, relatives, stakeholders, media
• Managing issues
• Restoration of critical activity

INTERNAL PROCESS
• Methods, contacts, agencies, locations, process standing; once the incident is over, identify needs and lines of communication
• Guideline criteria to invoke
• Consequences; welfare of individuals
• Improve key reference information
• Define roles and responsibilities
• Managing incident processes
• Media response

Each plan shall have:
• Defined purpose and scope
• Accessible and understood
• Reviewed; owned and responsible
• Relevant arrangements with external organisations
• IMP


Audit plans
• Audit programme shall be planned, established and implemented for BIA, RA and controls.
• Shall address responsibilities, competencies, planning and audit criteria.
• Shall be maintained for verification.
• Mitigation measures

Audit process
• Audit records (evidence)
• Audit notes
• Help to improve


BS-25999 exercise covers: procedure, preventive actions, BIA, IMP, IRS, corrective actions, documentation.


Thank You

Anil.jhumkhawala@gmail.com, anil@securematrix.in
