
Business Continuity Planning

Business Continuity Planning. An experience based approach. Tamás Gaidosch, Director, Information Risk Management, KPMG Central and Eastern Europe, +36 1 270 7139, tamas.gaidosch@kpmg.hu. Piaţa Financiară Centre de Continuitate Operaţională şi Recuperare din Dezastre - ediţia II


Presentation Transcript


  1. Business Continuity Planning An experience based approach Tamás Gaidosch Director, Information Risk Management KPMG Central and Eastern Europe +36 1 270 7139 tamas.gaidosch@kpmg.hu Piaţa Financiară Centre de Continuitate Operaţională şi Recuperare din Dezastre - ediţia II Bucuresti, 11.02.2003

  2. Agenda • KPMG in a nutshell • Definitions • BCP, DRP, etc…what are we talking about? • Goals • what do we want to achieve? • The method • a practical way to achieve the goals • The experience • what works and what does not? • Q & A

  3. KPMG in a nutshell • One of the leading professional services firms • Offices in more than 160 countries • Over 100 000 professional staff worldwide • Central and Eastern Europe: 15 countries, over 2 500 professional staff • full breadth of audit and consulting services

  4. Information Risk Management (IRM) [Diagram labels: IRM services; E-Assurance; E-Advisory; Audit and other financial assurance services; Information Risk Management (IRM); IT Consulting]

  5. Definitions • DRP (Disaster Recovery Plan) • the roots of business continuity planning (‘70s) • focused on IT recovery • BCP (Business Continuity Plan) • scope extended to the business processes • BCM (Business Continuity Management) • focuses on continuous availability • CM (Crisis Management) • deals with big disasters

  6. Goals What do we want to achieve with a BCP? Recovery of services • as fast as possible • as cost effective as possible

  7. Why bother? • Image, good reputation • Meet client expectations • Minimise financial losses • Regulatory compliance • Manage operational risk Tomorrow: TO SURVIVE

  8. Numbers Average loss caused by one hour of IT disruption Source: Datamotion

  9. Numbers Causes of IT disruptions Source: Gartner Group

  10. Costs – with plan and without

  11. The method Business Continuity as a process [Diagram labels: Verify; Normal; Transient; Recover; Prepare; Respond; Activate; Event; Crisis. Scale: Bus. Processes, 100% to 0%]

  12. The method Phases of the plan • Preparation • before the event • Response • immediately after the event • Transient operations • alternative processes • diminished capacity and functionality • Recovery • returning to normal operations

  13. Running a BCP project • Business impact analysis (BIA) • Plan development • Implementation • Testing • Training • Maintenance

  14. Business Impact Analysis (BIA) • Process and risk assessment • Impacts of disruption • financial • operational • legal • reputation • Results • priorities of business processes • critical processes and systems • maximum allowable downtimes

  15. Business Impact Analysis (BIA) Financial impact of disruption [Table: Business Unit and Business Process against time after disruption] • Time after disruption: day 1, 2-3, 4-5; week 2, 3-4 • Impact scale: Low, Medium, Severe • Treasury: Cash supply of branches; Cash management; Bulk deposits • Branch Network: Cash transactions; Transfers; Claims resolution; Loans • Central Cust. Care: Non-stop Call Center; Claims resolution

  16. The experience Projects delivered • For major financial institutions • Typical length: 6-8 months • Typical effort: 5-6 man-years • Typical outputs • 1200+ pages of analysis and plans • customised BCP software solutions • hundreds of staff trained

  17. The experience What is key and what is not? • The business impact analysis is crucial! • deep business understanding and experience • experience in business and risk analysis • objectivity (?) • The method is less important • Software (database) support • No testing = waste of money • No maintenance = false sense of safety

  18. The experience Who should do the project? • Employees • their participation is a must • External consultants • not absolutely necessary, but: • bring in wide experience and support tools • do not start from ground zero, do not commit basic mistakes, do not get stuck in the process • help the objectivity (external eye) • External IT providers • they know the most about their systems

  19. The experience How to tell a bad plan? • Thick, cumbersome manual • A piece of work done by the IT and for the IT • Only known to those who created it • Result of a compulsory homework, without support and staff not trusting it • Gathering dust on a shelf somewhere...

  20. The experience How to tell a good plan? • Easy to use, well structured • Covers all important areas • Testable and maintainable • Up-to-date (timely inclusion of changes) • A living and well-known document

  21. The broader view Business Continuity Management Services • Issue: Availability | Reliability | Recoverability • Solution: Enterprise High Availability (EHA) | Service Level Management (SLM) | Business Continuity Planning (BCP) • Goal: Achieve and maintain set availability targets | Effectively manage and control the IT infrastructure to improve overall operational reliability | Minimise downtime of critical processes in the event of a major disruption • Focus: Proactive and preventive (strategic) | Fast reaction and recovery (tactical)

  22. Q & A Tamás Gaidosch Director, Information Risk Management KPMG Central and Eastern Europe +36 1 270 7139 tamas.gaidosch@kpmg.hu
