Annette Myburgh
Acting COO
February 2020
What is business continuity & resilience?
It enables a Department to -
• prepare for,
• respond effectively to, &
• recover from
any disruptive incidents / events, thereby ensuring sustainability & achievement of the Constitutional imperatives, i.e. service delivery in the event of disruptions
Acts governing Business Continuity Management
Other guidelines & standards on Business Continuity Management
• King IV Report
• Minimum Physical Security Standard
Operational Risks & Business Continuity
Business Continuity Management (BCM) addresses a subset of Operational Risks that are outside the organisation’s control
[Figure: Risks, Operational Risks, Financial Risks and BCM Risks]
1. Environment & business analysis
2. Determine BCM strategy
3. Develop BCM response / plan
4. Exercise, maintain & review
6. Embed a BCM culture
Nine major incident / threat categories
• IT infrastructure & equipment
• Natural incidents
• Health incidents
• Failed internal & external infrastructure
• Physical & information security
• Labour / political unrest
Risk identification
• Inaccurate data
• Inability to deliver on Stats SA’s mandate
• Damage to Stats SA’s reputation
1 Environment & business analysis
1.2.1 Recovery Point & Time Objective & Maximum Tolerable Time of Disruption
[Figure: timeline running from Normal Operations through the time of disruptive incident / disaster. Markers: last viable restore point / last point where data is in usable format / last backup; all functionality / systems recovered. Time axis labels: RPO, Hours?, RTO, MTTD]
1.2.2 Critical Product/Process Priority List as determined during business impact
analysis
1.2.2 Critical Product/Process Priority List as determined during business impact analysis
• GDP
• M Electricity
• M Mining Production & Sales
• M Manufacturing Production & Sales
• M Building Plans Passed
• QLFS
• QES
• QFS Municipalities
• Annual Mid-year Population Estimates
• Population Census (& PES) - periodically
1.2.3 Critical Product/Process Priority List:
Critical dissemination period
Q GDP: M PPI:
M CPI:
1st week Last
3rd week
3rd week of
of month
month month
18
1.2.3 Critical Product/Process Priority List:
Critical dissemination period
QFS M Building
Municipalities:
Last week 3rd
GDP Plans Passed:
3rd week
month
• Annual Mid-year Population Estimates: July (April to July)
• Population Census (& PES) – periodically (2022)
1.2.4 Critical Product/Process Priority List:
Systems / applications & databases
• CPI: CPI capturing application & database
• GDP: SNAPS (MS Excel)
• PPI: PPI capturing application & database
1.2.4 Critical Product/Process Priority List:
Systems / applications & databases
• GDP
• QLFS: Capturing & scanning / CAPI system & database
• QES: Capturing application & database
• M Electricity: Capturing application & database
• M Mining Production & Sales: Capturing application & database
• M Manufacturing Production & Sales: Capturing application & database
• QFS Municipalities: Capturing application & database
• M Building Plans Passed: Capturing application & database
• QFS Private Sector: Capturing application & database
• M Wholesale Trade Sales: Capturing application & database
• M Land Transport: Capturing application & database
• M Motor Trade Sales: Capturing application & database
• M Retail Trade Sales: Capturing application & database
1.2.4 Critical Product/Process Priority List:
Systems / applications & databases
1.2.5 Critical Product/Process Priority List:
Generic Systems
Stats SA website
24
1.2.6 Critical Product/Process Priority List:
Generic Software
Generic software:
• SAS
• MS Excel
• MS Word
• MS PowerPoint
1.2.7 Critical Product/Process Priority List:
Corporate Services: Systems
26
1.2.8 Stats SA ICT Disaster Recovery Plan
[Figure: timeline running from Normal Operations. Markers: last viable restore point / last point where data is in usable format / last backup; all functionality / systems recovered. Time axis: -1 day, 2 hours, 8 hours, 1 day. Labels: RPO, RTO, MTTD]
2 Determine BCM strategy
2.1 BCM goal
To protect Stats SA’s reputation through safeguarding Stats SA’s:
1. Personnel
2. Premises, facilities, assets
3. Business processes & products
4. Technology i.e. Infrastructure, systems & databases
5. Information e.g. data
6. Stakeholders interest
to ensure Stats SA can continue critical operations, & deliver critical products & services according to its mandate when a disruptive incident occurs
2.1 BCM objectives
2.2 BCM mitigating strategies to prepare for, respond to & recover from disruptive
incidents
34
2.2 Recovery Point & Time Objective & Maximum Tolerable Time of Disruption
[Figure: timeline running from Normal Operations through the time of disruptive incident / disaster. Markers: last viable restore point / last point where data is in usable format / last backup; all functionality / systems recovered. Time axis: -1 day, 2 hours, 8 hours, 1 day. Labels: RPO, RTO, MTTD]
2.2 BCM mitigating strategies to safeguard each of the following areas
1. Personnel
2. Premises, facilities, assets
3. Business processes & products
4. Technology i.e. Infrastructure, systems & databases
5. Information e.g. data
6. Stakeholders interest
2.2 BCM mitigating strategies
BCM Plan
Overarching BCM Plan:
1. Incident Mgt & Response Plan
2. Crisis Communication Plan
3. Branch / CD / Directorate BCM Plans
4. ICT DR Plan
[Figure: timeline running from Normal Operations. Markers: last viable restore point / last point where data is in usable format / last backup; all functionality / systems recovered. Time axis: -1 day, 2 hours, 8 hours, 1 day. Labels: RPO, RTO, MTTD]
1. Primary contact in case of an emergency / disruptive incident
1.1 Emergency Evacuation Plans & Guide
1. Stats SA Head Office alternative escape routes
1. Freedom Park
2. Voortrekker Monument
1.1 Stats SA Emergency Guide
1.2 Stats SA Emergency Response Procedure
1.2 Stats SA Emergency Response Procedures & Processes
1. Evacuate the building
2. Crisis Communication
2 Crisis Communication Plan
• Staff contact information
• External communication
• Internal communication
3. & 4. Stats SA recovery sites
3 Branch / CD / Directorate BCM Plans
4 ICT DR Plan
Head Office:
1. SITA for HRM & Finance
4 Exercise, maintain & review
BCM exercises & maintenance
1 Desktop scenario
1.1 Walk-through scenarios
1.2 Call tree scenario
1.3 Simulation scenario
3 Hybrid exercise (Test with one Branch / CD)
5 Policy & Programme Mgt
5.1 BCM Structure
[Figure: BCM structure at Strategic, Tactical and Operations levels, showing EXCO, National Key Point Joint Planning Committee, Business Continuity Committee, Damage Assessment Committee, Crisis Communication Committee, SHERQ and Incident Management Committee and staff Identification Committee, Business Recovery Committee, System Recovery (ICT DR) Committee]
5.1.1 Business Continuity Committee (BCC)
Also Chairperson of
Chairperson of Section 16.2 JPC, SHERQ,
BCM delegation
BRC Coordina- DAC
from OHS Act
tor: Chair- 1995 official:
BCM FMLS: CD
person CD: FMLS
Manager/ (Acting Security:
subject COO) Director
matter
expert
Security
Risk Mgt: Coordina-
Director tor:
Dipalopalo
BCC
EPS: CD Reps from
Branches
Finance:
BM: CD CFO
Communi-
cation &
ICT: CD
Chairperson of Marketing: Chairperson of
HRM: CD CD
ICT DRC CCC
54
5.1.2 Stats SA Contingency Teams (CT)
SHERQ & Incident Mgt Committee:
• Fire Marshalls
• Evacuation Officers
• First Aiders
5.1.3 Stats SA ICT Disaster Recovery Team
• ICT: CD
• ICT Risk Mgt: Director
• ICT Risk Mgt: DD1
• ICT Risk Mgt: DD2
• Business Modernisation: CD
See attached BCM policy outlining the different BCM
Committees & responsibilities
6 Embed a BCM culture
6.1 BCM awareness creation & training plan
1. BCM awareness creation products
• BCM procedures e.g. emergency guide pamphlet & process maps
• Banners & posters on evacuation routes and assembly points
• BCM articles in Pulse and on Intranet
2. BCM awareness creation workshops / meetings
3. Formal BCM training
• Training for Stats SA Contingency Teams (SHERQ Marshalls) at Head Office, Provincial Offices & District Offices i.e.-
  • First Aid
  • Fire
  • Evacuation
• Training for Stats SA BCM practitioners, Auditors, & representatives from Exco & CDF
5 Policy & Programme Mgt
5.3 BCM Budget
Item | CD | Budget
BCM awareness creation products | RAIM |
Contingencies in case of disruptive event | RAIM | R 200 000 per annum
Training: Contingency Teams (SHERQ Marshalls) - all offices | FTSM | R 2 million every two years
Training: BCM practitioners, Auditors, & reps from Exco & CDF | HRD | R 75 000 per annum
ICT disaster recovery contract & site – replicating 25 servers & hosting it | ICT | R 2 500 000 per annum
The way forward
67
Continuous improvement (P-D-C-A cycle)
1. PLAN – (Stakeholder requirements & BIA)
2. DO (Implement BCM Strategy & Plan)
3. CHECK, (Monitor, validate & review – is delivery as required?)
4. ACT – (Analyse to improve & maintain)
INCREASED RESILIENCE
A. Risk identification period
B. Proactive period
C. Reactive period
D. Critical information gathering period
Team that contributed to the development of BCM for Stats SA
CD: FMLS:
BCM Thulani
Coordinator: Ntshangase,
Pravin Director:
Acting COO /
Kaylaser & HRM:
Programme
Fazel Shah Francois
Office:
Massyn
Annette
ProgrammeMyburgh
Office: CFO: Bheki
Annegret Mathunjwa
Mphahlele
BCM
CD:
Programme team / Corporate
Office:
Development
contri- Governance:
Bruce Jooste
of process
flows
butors and Thapelo
Matsapola
CD:
Casper vd Communi-
Westhuizen: Director: cation:
Designing Director: ICT Trevor
Corporate
awareness Risk Mgt: Oosterwyk
Services and
materials Sibongiseni and Tracy
Security
Ndlangisa Daniels
staff,
and Vincent
Provincial
Mokonyane
Offices 69
This has been an interesting journey!
As from 1 April 2020 the responsibility for BCM will move to its
rightful place i.e.
70
THANK YOU
71