
ISO 22301:2012

Societal Security - Business Continuity Management System

Business must go on!

Is your organization ready to respond?

BCM defined

“Business Continuity Management (BCM) is a framework
for identifying potential threats to an organization and
building organizational capability to respond to such
threats, in order to safeguard the interests of key
stakeholders, reputation, brand and value-adding activities”

Definitions:
Maximum Tolerable Period of Disruption (MTPD):
Time it would take for adverse impacts, which might arise
as a result of not providing a product/services or performing
an activity, to become unacceptable.
Recovery Time Objective (RTO):
Period of time following an incident within which
• Product or service or activity must be resumed,
• Resources must be recovered

MTPD and RTO

Maximum Tolerable
Period of Disruption
(MTPD)

= RTO

Business Continuity Management Life Cycle

ISO 22301 – Key Requirements
Clause 1 – Scope
Clause 2 – Normative references
Clause 3 – Terms and definitions

Plan
• Clause 4 – Context of the organization
• Clause 5 – Leadership
• Clause 6 – Planning
• Clause 7 – Support

Do
• Clause 8 – Operation

Check
• Clause 9 – Performance evaluation

Act
• Clause 10 – Improvement

Developing & Implementing BCM Response

• Incident response structure and Crisis Management


• Incident management plan
• Business continuity plan

Exercising and Testing

• Exercise program

• Exercise arrangements
• Maintaining BC arrangements
• Reviewing BC arrangements

Levels of Eventuality @ TPDDL

• Operation Activities of TPDDL
– Level-1: Minimal localized. Most of the activities not affected.
– Level-2: Significant localized activities are shut down.
– Level-3: Very significant; all activities are shut down for a period of time.
• Emergency Management Team involvement
– Level-1: Probably none.
– Level-2: To be consulted if needed.
– Level-3: Consulted regularly and actively involved.
• Emergency Support Function involvement
– Level-1: Limited or none.
– Level-2: Involved.
– Level-3: Actively involved.
• Circle Incident Controller
– Level-1: Limited or none.
– Level-2: Involved.
– Level-3: Involved and coordinate through Circle Emergency Control Center.
• Emergency Operation Team
– Level-1: Involved.
– Level-2: Actively involved.
– Level-3: Actively involved.
• Public & Government Concern
– Level-1: Limited.
– Level-2: Potential exists for an embarrassing situation. Government agencies may investigate prevention/response/recovery efforts.
– Level-3: Potential exists for an embarrassing situation and government investigations or hearings.
• Contractual Manpower and working staff
– Level-1: Site-specific localized impact. Injuries possible.
– Level-2: Site-specific or general impact with possible disruptions. Injuries possible.
– Level-3: General impact with probable disruptions. Injuries and possibly fatalities are a serious concern.
• Media Coverage
– Level-1: None expected or limited local coverage.
– Level-2: Local/regional coverage.
– Level-3: Local, regional and possible national coverage.

BCMS Audit Schedule

Audit Location: NDPL House, Hudson Lane, Kingsway Camp, New Delhi
Date of Audit: 2015-03-09
Audit I.D.: Certification Audit – ISO 22301
Client: Tata Power Delhi Distribution Limited
Management Rep.: Mr. Ajit Maleyvar (Mobile: 09818100591, E-mail: ajit.maleyvar@tatapower-ddl.com)
Team Auditor(s), M/s BSI (Delhi): 1) Mr. Manoj Gupta (9910085649) 2) Mr. Virender Dewan (9818444643)
Audit Guide: Mr. Sanjeevan Joshi (09969012427)
Scope: Provision of Services for the Distribution of Power to North and Northwest Delhi, Including Operations, Commercial, Engineering and all Support Functions
Focus Areas: Business Continuity Plan

9th March 2015 (Monday)

• 9:30 AM - 10:00 AM: Opening Meeting with BSI
– Location: Corp. Office Board Room
– Auditor: 1, 2
– Presentees / Auditee: SLT + Mr. Yogesh Luthra + Mr. S L Soni + Mr. P.Devanand + Mr. Sombuddha Chaudhary + Mr. Saurabh Srivastava + Mr. Ajay Kalsie
– Coordinator: Ajit
• 10:00 AM - 10:30 AM: Meeting with Top Management. To ascertain (1) Involvement of Top Management in the BC Processes and (2) Monitoring by Top Management. Discussion shall be regarding (a) BCM Context / Scope / Objectives and Policy, (b) Risk Appetite & Resources and (c) BCM Awareness and Culture.
– Location: Corp. Office
– Auditor: 1, 2
– Presentees / Auditee: Mr. Sunil Singh
– Coordinator: Ajit
• 11:00 AM - 12:30 PM: Strategic Review of “BIA & RA”, including BCM organization, Role and Responsibilities of individuals, Response Structure and BCM Plans – DMP, Resumption Plan, Recovery Plan, Restoration Plan and Resources aligned.
– Location: Shalimar Bagh
– Auditor: 1, 2
– Coordinator: Ajit
• 12:30 PM - 1:00 PM: BCP Training, Exercise & Testing Procedures. Checking of “Awareness” level, Exercise pattern and exercise schedules, including the “BCP Testing” reports.
– Location: Shalimar Bagh
– Auditor: 1, 2
– Coordinator: Ajit

Presentees / Auditee for the two Shalimar Bagh sessions: Mr. Yogesh K Luthra, Mr. Sombuddha Chaudhury, Mr. Saurabh Srivastava

Key Records
• Risk Analysis
• Business Impact Analysis
• Business Continuity Policy
– Communication / Awareness
• Competency of BC Team
– Education / Experience / Training
• Exercising & Testing
– Guidelines for conducting mock drills
– Mock Drills (Plan vs Actual, Deviations, Corrective Actions)
• Continual Improvement & Management Review (MOM)
• Internal Audit of DMP & IT BCP
– Report & its compliance

Thank You
