BCLE 2000: Canadian Participant’s Guide Lesson 1: Program Initiation and Management
Disaster Recovery
Risk Assessment
Crisis Management
Incident Management
Incident Response
Professional’s Role
1. Establish the need for a business continuity program
2. Obtain support and funding for the business continuity program
3. Coordinate and manage the implementation of the business continuity program throughout the entity.
Leadership may not support the business continuity program if they do not see value in it
Gaining leadership commitment should be accomplished before any other business continuity tasks
Other:
Other professionals may not be aware of how vulnerable their business is to all kinds of disasters. Establishing
the need for a business continuity program requires you to perform the following tasks:
1.1. Research and reference relevant business, legal, regulatory, statutory, and contractual requirements and
restrictions both from an internal and external perspective, providing recommendations on compliance
and conformity for the entity
1.2. Reference relevant standards developed by national or international standards development bodies
and/or trade or industry associations
1.3. Identify and resolve any conflicts between the entity’s policies and relevant external requirements
1.4. Review existing audit reports to ensure the proposed business continuity program adequately addresses
any gaps or opportunities
1.5. State the benefits of business continuity within the context of the entity’s mission, objectives, and
operations
1.6. Explain the role of leadership, including their accountability and liability related to business continuity
1.7. Develop formal reports and presentations about the potential impacts of risks to the entity
Minimize the loss of assets, controls, revenue, and impact upon customers
Which item is similar to a business continuity policy statement and who signs it?
Important: Presenting legal and regulatory requirements to leadership is an effective way to establish the need
for business continuity management!
Role of Leadership
Protect and preserve the entity’s assets and resources
Assign key functional personnel to required roles
Protect entity from consequences of:
Business interruption
Loss of business-critical information
Inadequate protection of assets and resources
Loss or disclosure of customer personal data
Cyber-related issues
Assumption – something that you accept as true without question or proof (Cambridge English Dictionary)
After the business continuity program is implemented, what tasks must follow on an ongoing basis?
Use of the Professional Practices framework to develop, implement, maintain the business continuity program
[Figure labels: Execution; Crisis Management Team (Steering Committee); Emergency Response Group/Damage Assessment Team; Business Continuity Leader; Impact]
Laws
Created by duly authorized governments (Federal, state, municipal) – Legislative, Executive
Punitive – Criminal prosecution (Fines, Imprisonment), Civil litigation (Fines, Other penalties)
Regulations
Created by government/industry regulatory bodies
Punitive (Fines, Shutdown)
Subject to annual (operational/financial) audit conducted by a third party (Performance, Prescriptive)
Results are board issues
May create vendor requirements (due diligence) (e.g. Office of the Superintendent of Financial Institutions (OSFI),
Personal Information Protection and Electronic Documents Act (PIPEDA))
Standards
Voluntary (Non-punitive)
Conformity assessment through:
First-party – carried out by the entity itself
Second-party – carried out by an “interested party”, such as a customer or supplier
Third-party – carried out by an independent body, such as an audit firm
Standards are sometimes referenced in regulations
Standardization in a state of constant flux:
The Professional Practices for Business Continuity Management – revised every four years
ISO 22301 – revised or reaffirmed every 5 years
NFPA 1600 (the ANSI national standard) – revised every three years
CSA Z1600 (the Canadian national standard) – revised every three to five years
Report to Leadership
Set up a reporting structure and status reports
Program compliance
Exercise/test results
Industry standards and benchmarking
What are the competition and peers doing?
Formal reports and presentations
Know what they need to know
The benefits and value of business continuity
Compliance and conformity requirements
The status and any changes to the business continuity program
Important Concepts
Professional Practices – Emphasize knowing each of the subject areas.
Establish the need for business continuity – Highlight how business continuity adds value to obtain “buy-in” for
the program.
Emphasize leadership may not support the business continuity program if they do not see value in it.
Program management – It is important to get leadership commitment in order to develop the plan and achieve
objectives.
Business continuity responsibilities – Emphasize leadership liability, the role of the steering committee, and of
the business continuity professional. Emphasize business continuity team members should be assigned
continuity responsibilities consistent with each member’s job description.
Steering committee – This group provides guidance, oversight and approval of resources for the business
continuity program.
Class Exercise
1. Work in assigned teams
2. Select a team presenter
3. Be prepared to present your findings to the class
4. Develop a presentation to the leadership of your entity that addresses the following points:
a. The importance of business continuity
b. Any relevant regulations to your entity
c. The resource requirements for a program that need to be completed (e.g., risk assessment, business
impact analysis, business continuity plan)
d. A program plan overview with well-defined deliverables
Knowledge Checks
Professional Practice One: Program Initiation and Management
Circle the best choice for each question below. There is only one correct answer for each question.
1. What information should be presented to leadership about the need for business continuity?
a. Mechanisms for exercising and auditing
b. The schedule for reporting progress
c. Legal and regulatory requirements
d. The entity’s increasing reliance on technology to conduct operations
2. Which team is responsible for defining the objectives, structure, policies and charter for the business
continuity program?
a. Functional recovery teams
b. Steering committee
c. Incident response team
d. Damage assessment team
3. What is the most critical element to the success of the business continuity planning effort?
a. The policy statement written by the business continuity professional
b. Leadership commitment
c. The business impact analysis
d. Documenting all changes
4. Which team provides resources and support to the business continuity program?
a. Incident response team
b. Steering committee
c. Business continuity development team
d. Technology recovery team
Canadian Resources
Public Safety Canada - Resources
https://www.publicsafety.gc.ca/cnt/rsrcs/index-en.aspx