erman taŞkin . erman taŞkin İş sürekliliği yönetim süreci ve karar verme metodolojisi

ERMAN TAŞKIN

www.ermantaskin.com/bcm

ERMAN TAŞKIN

İş Sürekliliği Yönetim Süreci ve Karar Verme Metodolojisi

BC Decision Making Methodology

AGENDA

1.BCM Organization Understanding2.BCM Impact Analysis Process3.BCM Strategy4.BCM Implementation Methodology

Documentation


ITIL(ITSCM) & BS25999

BCM Program Management

Based on BS2599

BCM Documentation

Understanding the organization

BCM Decision Making

BCM Decision Making

Assess cirtical services impactsEstablish maximum tolerable period of disruptionIdenfity any inter-dependent activitiesService Catalog investigation CMDB usage for relationships definition

Business Impact

Analysis

Identification of critical activities

Determining Continuity

Requirements

Risk assessment

Determining choices

BCM Decision Making

Assess operational processesDetermine financial values of services and

activitiesConsider SLA targetsUse Availability PlanUse Availability Reports

Business Impact Analysis



Requirements

Risk assessment

Determining choices

BCM Decision Making

Staff resourcesWork siteSupporting technologyProvison of informationExternal services and suppliers




Requirements

Risk assessment

Determining choices

BCM Decision Making

Level of risk should be understood specifically

Choosing risk assessment approachElements that risk assessment process

includeDetermination of criteria for risk acceptanceIdentification of acceptable levels of riskAnalysis of the risks




Requirements

Risk assessment

Determining choices

BCM Decision Making

Do nothingManual Work-aroundsReciprocal arrangementsGradual Recovery (cold stand by)Intermediate Recovery (warm stand by)Immediate Recovery (hot stand by)




Requirements

Risk assessment

Determining choices

Business Impact Analysis Process

Set up an impact analysis project

Identify a project coordinator to carry out the business impact analysis.

Define the objectives and scope of the business impact analysis project.

Choose an appropriate methodology or tool for carrying out BIA. Create a work schedule and project plan. Launch the business impact analysis project.

Evaluate the effects of disruption and the impacts on operations

Effects of disruption Loss of assets

Key personnel Physical assets Information assets Market share

Disruption to the continuity of services and operations Violation of a law or regulation Negative public perception

Effects of disruption on the company’s operations Financial Clients and suppliers Public relations Legal Regulatory considerations and requirements Environmental Operational Delays Credibility Other resources


Determine loss exposure

QuantitativeRevenue lossFinancial penaltiesGross cash flow Accounts payableLegal liabilitiesHuman resourcesAdditional expensesHigher cost of work

QualitativeHuman resourcesMoraleConfidenceLegalSocial and corporate imageFinancial credibility


Business impact analysis - data collection

Gathering data using a questionnaire

Understand the importance of the questionnaire’s conception and distribution.

Clearly explain the rationale for the questionnaire. Offer support to personnel while they complete the

questionnaire. Review completed questionnaires. Conduct follow-up discussions to obtain clarifications


Gathering data through interviews

Explain the purpose of the interview. Clearly establish the type of information that is being looked for. Compile a list of elements to cover during the interview Consult the list throughout the meeting to ensure none are omitted. Plan follow-up interviews

Gathering data through workshops

Set up a workshop schedule Compile a list of objectives to be met. Identify the appropriate level of participation from managers Identify an appropriate evaluation area, Identify the equipment needed and personnel availability. Interact with personnel during the workshops and discussions. Ensure that workshop objectives are met. Ensure that all possible impacts raised during workshops are written

down.


Decide upon data analysis methods (manually or using a computer). Assess the potential financial and non-financial impacts of the risks

compiled. Prepare business impact analysis report

Prepare drafts of the business impact analysis report, including the list of impacts.

Provide participating managers with a draft report and ask for their comments. Review the managers’ feedback Plan a meeting with participating managers to discuss the initial findings. Prepare and make formal presentations to colleagues and executives regarding

the findings


Define business functions and critical data

Establish a definition of what is “critical” for the organization With management, identify one or more critical levels.

financial (loss of revenue, cost of recovery) recovery time. With these two criteria, it is possible to classify

impacts as: critical & major & minor.

Identify vital data for ensuring BC and the recovery of the organization’s operations. Identify support teams. Identify interdependencies

Prioritize critical elements for the organization in the impact mitigation process.

Determine the time and resources necessary for recovery

Define recovery processes for critical business functions based on criticality criteria Determine the order of recovery for critical business functions Determine the minimum resource requirements for recovery

Internal and external resources. Resources owned or not Existing and accessible resources.

Evaluate the maximum period of time Evaluate the maximum period of time during which information can remain

unavailable. Evaluate how long information can be allowed to “age” without being updated. Evaluate the amount of information that can be lost without causing major

prejudice to the organization. Evaluate the limit beyond which the company’s operations will sustain major

prejudice due to the disruption.

Identify business processes

Interrelation between business processes Processes dependencies

InternalExternal

In terms of technology

Determine replacement times

EquipmentSostwaresDataKey personnelRaw material

Determining BC StrategyPeopleLocationsTechnologyInformationSuppliesStakeholdersCivil emergencies

BCM Implementation Methodology

BCM implementation documentation


erman taŞkin . erman taŞkin İş sürekliliği yönetim süreci ve karar verme metodolojisi

Documents