SlideShare una empresa de Scribd logo

BCP & Risk Management Banktech Asia V2

Jorge Sebastiao
Jorge Sebastiao

Presentation on Business Continuity Planning and Risk Management at BankTech Asia. Focus on Banking sector issues in both BCP and Risk.

Empresariales
1 de 38
Importance of Business Continuity & Risk Management Jorge.sebastiao@its.ws
Agenda Business Continuity Planning and Disaster Recovery Planning British Standard on BC - BS25999 BCP Risk Management Process and Best Practices Business Value
Views of BCP and Risk Management Business View Service and Continuity Customer Focus Managing Risks Operation Risk Controls Auditing Governance & Compliance IT Infrastructure Disaster Recovery High Availability
Business Continuity Management To counteract interruptions to business activities To protect critical business processes from the effects of major failures or disasters “2 out of 5 companies that experience a disaster will go out of business within 5 years” - Gartner
The cost of ignoring it too high
Threats Environmental Natural Disasters Unexpected (“OOPS” factor) Cyber terrorism Viruses Threats Industrial Espionage
Business Risks Employee & customer privacy Legislative violations Financial loss Intellectual capital Litigation Public Image/Trust Business Risks
Examples - 1
Examples - 2
Threats to Availability DATA CORRUPTION COMPONENT FAILURE APPLICATION FAILURE HUMAN ERROR MAINTENANCE SITE OUTAGE
Can you afford it? eBay 12 June 1999 outage: 22 hrs. Operating System failure Cost: $3 million to $5 million revenue hit 26% decline in stock price AT&T 13 April 1998 outage: 6 to 26 hrs. Software Upgrade Cost: $40 million in rebates Forced to file SLAs with the FCC (frame relay) MCI August 1999 frame relay outage: 10 days Software Upgrade Cost: Up to 20 days free service to 3,000 enterprises Hershey Foods September 1999 system failures Application Rollout Cost: delayed shipments; 12% decrease in 3Q99 sales; 19% drop in net income from 3Q98 Dev. Bank of Singapore 1 July 1999 to August 1999: Processing Errors Incorrect debiting of POS due to a system overload Cost: Embarrassment/loss of integrity; interest charges Charles Schwab & Co. 24 February 1999 through 21 April 1999: 4 outages of at least 4 hrs. Upgrades/Operator Errors Cost: ???; Announced that it had made a $70 million new infrastructure investment. Causes of Unplanned Application Downtime Operator Errors 40% Application Failures 40% Technology Failures 20%
Sources of Disaster Survey of Disasters
Why should you care? Avoiding complete loss of organization Avoid Revenue Loss Damage to Reputation Productivity Performance and Governance Complex Problem to Solve Protect critical business processes Protect critical supporting infrastructure Protect company data and Intellectual Property Meet Compliance regulations Manage People in the Process
Impact of Disaster 14 Productivity: Number of employees x impacted x hours out x burdened hours = ? productivity/ employees $millions minutes daystime $impact$billions Revenue: Direct loss, compensatory payment, lost future revenues, billing losses and investment losses direct financial/ customer Damaged reputation: Customers, competitors gain advantage, suppliers, financial markets, business partners damaged reputation Governance & performance: Revenue recognition, cash flow, credit rating, stock price, regulatory fines Governance Performance constant increase Indirect impact of downtime can be far more severe and unpredictable exponential increase
Importance of Critical Infrastructures
Can not be ignored by business anymore
To survive a disaster you need? A Place to GO Vital Data A Plan to Follow Well Trained People
Successful implementation requires Technology ProcessPeople
Business Continuity Management overview Business Continuity Management EMERGENCYMANAGEMENT ITDISASTERRECOVERY FACILITIESMANAGEMENT HUMANRESOURCES PHYSICALSECURITY COMMUNICATIONS&PR KNOWLEDGEMANAGEMENT SUPPLYCHAINMANAGEMENT QUALITYMANAGEMENT CRISISMANAGEMENT RISKMANAGEMENT ENVIRONMENTALMANAGEMENT Source: BSI PAS56
Business Continuity Management Business Impact Analysis Risk Analysis Recovery Strategy Group Plans and Procedures Business Continuity Planning Initiation Risk Reduction Implement Standby Facilities Create Planning Organization Testing PROCESS Change Management Education Testing Review Policy ScopeResourcesOrganization BCM Ongoing Process BCM Project
Business Continuity timeline Active Business A successful recovery
British Standard BS25999 The BCM Lifecycle: BS 25999-1 2006 BCM Programme Management Understanding the organization Determining BCM strategy Developing & implementing BCM response Exercising, maintaining & reviewing
Processes - Business Continuity Mgmt Business Continuity Assessments / Audits Risk Analysis Business Impact Analysis Continuity Strategies Business Continuity Testing Awareness and Training
BCM Structure
Risk Analysis provides focus for BCM High Medium Low Low Medium High Area of Major Concern
Application Prioritization Application Priority Rating Recovery RequirementsRecovery Time Objective AAA 0–6 Hours Disaster Recovery needed: Restoration at a geographically remote data center. Local Fail over should also be considered AA 6–12 Hours Disaster Recovery needed: Restoration at a geographically remote data center. Local Fail over should also be considered. A 12–24 Hours Disaster Recovery needed: Restoration at a geographically remote data center. Local Fail over should also be considered. B 24-48 Hours Fail over Local, Disaster Recovery C 48–96 Hours Scheduled/Delayed Recovery D Recovery in 1 Week Scheduled/Delayed Recovery E Recovery when Resources Permit Scheduled/Delayed Recovery
Leveraging Virtualization Hardware OS Applications Services Storage NETWORK BusinessContinuity Clients BestPractices
Data Center Best Practices
Risk Management Elimination Reduction/Controls Transfer/Outsource Insurance Residual Not all risk can be eliminated via controls
DR Strategies Options Immediate, High-Impact Strategies Weekly Backup and Off-site Storage Daily Backup and Off-site Storage Weekly Mirroring & Electronic Vaulting Daily Mirroring & Electronic Vaulting Real-time Mirroring & Electronic Vaulting Vendor Agreements Quick Ship Agreements Owned Cold Site Owned Hot Site External Cold Site External Hot Site Decision Tree contains 5 x 2 x 4 = 40 strategic options
Strategy Optimization Recovery strategy must be optimized to business requirements Time CostofStrategy Mitigation LostRevenue Optimum Mitigation Strategy
Practical Testing
Response and Risk approach Risk Management and Business Controls Events Incidents Crises Impact Monitor & resolve the “critical few” with crisis management team Assess impact of events & implement appropriate controls Monitor & resolve at appropriate level using processesIncident Management Process Crisis Management Process
Crisis Management Team Organization
Response Timeline Last Offsite Backup Recovery Point Objective (RPO) Stage 1 Immediate Response & Relocation Business as Usual Stage 2 Op. Sys. Restore Technology Workarea Restoration Stage 3 Applications Functional Restoration Stage 4 Data Synchronization Backlog & Lost Data Stage 5 Resume Business Recovery Time Objective (RTO) Stage 6 Interim Site Stage 7 Retur n Home Restore Communications Restore Business Functions
Comprehensive Response Contingency Planning Disaster Recovery Security Business Continuity Crisis Communications Traditional Emergency Management
Time for action is now
Questions Jorge.sebastiao@its.ws

Recomendados

Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
BCM Institute
 
Business continuity management and risk -The role of standards
Business continuity management and risk -The role of standardsBusiness continuity management and risk -The role of standards
Business continuity management and risk -The role of standards
BSI British Standards Institution
 
Risk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongRisk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy Wong
BCM Institute
 
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
BCM Institute
 
Building business continuity through risk management, presented by Kimberley ...
Building business continuity through risk management, presented by Kimberley ...Building business continuity through risk management, presented by Kimberley ...
Building business continuity through risk management, presented by Kimberley ...
Association for Project Management
 
Risk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and ManagementRisk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and Management
Cody Shive
 
Introduction to Business Continuity Management
Introduction to Business Continuity ManagementIntroduction to Business Continuity Management
Introduction to Business Continuity Management
Prof. David E. Alexander (UCL)
 
Business analysis sample report, Business Impact Analysis Report ,Business An...
Business analysis sample report, Business Impact Analysis Report ,Business An...Business analysis sample report, Business Impact Analysis Report ,Business An...
Business analysis sample report, Business Impact Analysis Report ,Business An...
Sukumar Jena
 

Recomendados

Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
BCM Institute
 
Business continuity management and risk -The role of standards
Business continuity management and risk -The role of standardsBusiness continuity management and risk -The role of standards
Business continuity management and risk -The role of standards
BSI British Standards Institution
 
Risk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy WongRisk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management - Jeremy Wong
BCM Institute
 
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
BCM Institute
 
Building business continuity through risk management, presented by Kimberley ...
Building business continuity through risk management, presented by Kimberley ...Building business continuity through risk management, presented by Kimberley ...
Building business continuity through risk management, presented by Kimberley ...
Association for Project Management
 
Risk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and ManagementRisk Management - Business Continuity Planning and Management
Risk Management - Business Continuity Planning and Management
Cody Shive
 
Introduction to Business Continuity Management
Introduction to Business Continuity ManagementIntroduction to Business Continuity Management
Introduction to Business Continuity Management
Prof. David E. Alexander (UCL)
 
Business analysis sample report, Business Impact Analysis Report ,Business An...
Business analysis sample report, Business Impact Analysis Report ,Business An...Business analysis sample report, Business Impact Analysis Report ,Business An...
Business analysis sample report, Business Impact Analysis Report ,Business An...
Sukumar Jena
 
Real estate tokenization and blockchain
Real estate tokenization and blockchainReal estate tokenization and blockchain
Real estate tokenization and blockchain
Jorge Sebastiao
 
Blockchain and covid19 v3
Blockchain and covid19 v3Blockchain and covid19 v3
Blockchain and covid19 v3
Jorge Sebastiao
 
Top tech shapping startups
Top tech shapping startupsTop tech shapping startups
Top tech shapping startups
Jorge Sebastiao
 
Blockchain and security v3
Blockchain and security v3Blockchain and security v3
Blockchain and security v3
Jorge Sebastiao
 
The road to blockchain 5.0
The road to blockchain 5.0The road to blockchain 5.0
The road to blockchain 5.0
Jorge Sebastiao
 
Cyber Warfare 4TH edition
Cyber Warfare 4TH editionCyber Warfare 4TH edition
Cyber Warfare 4TH edition
Jorge Sebastiao
 
How AI is Disrupting Traffic Management in Smart City
How AI is Disrupting Traffic Management in Smart CityHow AI is Disrupting Traffic Management in Smart City
How AI is Disrupting Traffic Management in Smart City
Jorge Sebastiao
 
Ai and traffic management application v1.0
Ai and traffic management application v1.0Ai and traffic management application v1.0
Ai and traffic management application v1.0
Jorge Sebastiao
 
Practical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threatsPractical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threats
Jorge Sebastiao
 
Dz hackevent 2019 Middle East Cyberwars V3
Dz hackevent 2019 Middle East Cyberwars V3Dz hackevent 2019 Middle East Cyberwars V3
Dz hackevent 2019 Middle East Cyberwars V3
Jorge Sebastiao
 
AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1
Jorge Sebastiao
 
Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2
Jorge Sebastiao
 
Blockchain & cyber security Algeria Version 1.1
Blockchain & cyber security Algeria Version 1.1Blockchain & cyber security Algeria Version 1.1
Blockchain & cyber security Algeria Version 1.1
Jorge Sebastiao
 
Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3
Jorge Sebastiao
 
Cyber security crypto blockchain Version 3.2
Cyber security crypto blockchain Version 3.2Cyber security crypto blockchain Version 3.2
Cyber security crypto blockchain Version 3.2
Jorge Sebastiao
 
RTA AI for traffic management version 1.4
RTA AI for traffic management version 1.4RTA AI for traffic management version 1.4
RTA AI for traffic management version 1.4
Jorge Sebastiao
 
IGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance ForumIGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance Forum
Jorge Sebastiao
 
ADIPEC physical and Infosec for Oil and Gas
ADIPEC physical and Infosec for Oil and GasADIPEC physical and Infosec for Oil and Gas
ADIPEC physical and Infosec for Oil and Gas
Jorge Sebastiao
 
AVSEC are you flying cybersafe?
AVSEC are you flying cybersafe?AVSEC are you flying cybersafe?
AVSEC are you flying cybersafe?
Jorge Sebastiao
 
Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7
Jorge Sebastiao
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
Renandantas16
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Dipal Arora
 

Más contenido relacionado

Más de Jorge Sebastiao

Más de Jorge Sebastiao (20)

Real estate tokenization and blockchain
Real estate tokenization and blockchainReal estate tokenization and blockchain
Real estate tokenization and blockchain
 
Blockchain and covid19 v3
Blockchain and covid19 v3Blockchain and covid19 v3
Blockchain and covid19 v3
 
Top tech shapping startups
Top tech shapping startupsTop tech shapping startups
Top tech shapping startups
 
Blockchain and security v3
Blockchain and security v3Blockchain and security v3
Blockchain and security v3
 
The road to blockchain 5.0
The road to blockchain 5.0The road to blockchain 5.0
The road to blockchain 5.0
 
Cyber Warfare 4TH edition
Cyber Warfare 4TH editionCyber Warfare 4TH edition
Cyber Warfare 4TH edition
 
How AI is Disrupting Traffic Management in Smart City
How AI is Disrupting Traffic Management in Smart CityHow AI is Disrupting Traffic Management in Smart City
How AI is Disrupting Traffic Management in Smart City
 
Ai and traffic management application v1.0
Ai and traffic management application v1.0Ai and traffic management application v1.0
Ai and traffic management application v1.0
 
Practical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threatsPractical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threats
 
Dz hackevent 2019 Middle East Cyberwars V3
Dz hackevent 2019 Middle East Cyberwars V3Dz hackevent 2019 Middle East Cyberwars V3
Dz hackevent 2019 Middle East Cyberwars V3
 
AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1
 
Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2
 
Blockchain & cyber security Algeria Version 1.1
Blockchain & cyber security Algeria Version 1.1Blockchain & cyber security Algeria Version 1.1
Blockchain & cyber security Algeria Version 1.1
 
Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3
 
Cyber security crypto blockchain Version 3.2
Cyber security crypto blockchain Version 3.2Cyber security crypto blockchain Version 3.2
Cyber security crypto blockchain Version 3.2
 
RTA AI for traffic management version 1.4
RTA AI for traffic management version 1.4RTA AI for traffic management version 1.4
RTA AI for traffic management version 1.4
 
IGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance ForumIGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance Forum
 
ADIPEC physical and Infosec for Oil and Gas
ADIPEC physical and Infosec for Oil and GasADIPEC physical and Infosec for Oil and Gas
ADIPEC physical and Infosec for Oil and Gas
 
AVSEC are you flying cybersafe?
AVSEC are you flying cybersafe?AVSEC are you flying cybersafe?
AVSEC are you flying cybersafe?
 
Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7
 

Último

0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
Renandantas16
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Dipal Arora
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
Roland Driesen
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
dollysharma2066
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
Aggregage
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
Matteo Carbone
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
rajveerescorts2022
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 

Último (20)

0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 

BCP & Risk Management Banktech Asia V2

  • 1. Importance of Business Continuity & Risk Management Jorge.sebastiao@its.ws
  • 2. Agenda Business Continuity Planning and Disaster Recovery Planning British Standard on BC - BS25999 BCP Risk Management Process and Best Practices Business Value
  • 3. Views of BCP and Risk Management Business View Service and Continuity Customer Focus Managing Risks Operation Risk Controls Auditing Governance & Compliance IT Infrastructure Disaster Recovery High Availability
  • 4. Business Continuity Management To counteract interruptions to business activities To protect critical business processes from the effects of major failures or disasters “2 out of 5 companies that experience a disaster will go out of business within 5 years” - Gartner
  • 5. The cost of ignoring it too high
  • 10. Threats to Availability DATA CORRUPTION COMPONENT FAILURE APPLICATION FAILURE HUMAN ERROR MAINTENANCE SITE OUTAGE
  • 11. Can you afford it? eBay 12 June 1999 outage: 22 hrs. Operating System failure Cost: $3 million to $5 million revenue hit 26% decline in stock price AT&T 13 April 1998 outage: 6 to 26 hrs. Software Upgrade Cost: $40 million in rebates Forced to file SLAs with the FCC (frame relay) MCI August 1999 frame relay outage: 10 days Software Upgrade Cost: Up to 20 days free service to 3,000 enterprises Hershey Foods September 1999 system failures Application Rollout Cost: delayed shipments; 12% decrease in 3Q99 sales; 19% drop in net income from 3Q98 Dev. Bank of Singapore 1 July 1999 to August 1999: Processing Errors Incorrect debiting of POS due to a system overload Cost: Embarrassment/loss of integrity; interest charges Charles Schwab & Co. 24 February 1999 through 21 April 1999: 4 outages of at least 4 hrs. Upgrades/Operator Errors Cost: ???; Announced that it had made a $70 million new infrastructure investment. Causes of Unplanned Application Downtime Operator Errors 40% Application Failures 40% Technology Failures 20%
  • 13. Why should you care? Avoiding complete loss of organization Avoid Revenue Loss Damage to Reputation Productivity Performance and Governance Complex Problem to Solve Protect critical business processes Protect critical supporting infrastructure Protect company data and Intellectual Property Meet Compliance regulations Manage People in the Process
  • 14. Impact of Disaster 14 Productivity: Number of employees x impacted x hours out x burdened hours = ? productivity/ employees $millions minutes daystime $impact$billions Revenue: Direct loss, compensatory payment, lost future revenues, billing losses and investment losses direct financial/ customer Damaged reputation: Customers, competitors gain advantage, suppliers, financial markets, business partners damaged reputation Governance & performance: Revenue recognition, cash flow, credit rating, stock price, regulatory fines Governance Performance constant increase Indirect impact of downtime can be far more severe and unpredictable exponential increase
  • 15. Importance of Critical Infrastructures
  • 16. Can not be ignored by business anymore
  • 17. To survive a disaster you need? A Place to GO Vital Data A Plan to Follow Well Trained People
  • 19. Business Continuity Management overview Business Continuity Management EMERGENCYMANAGEMENT ITDISASTERRECOVERY FACILITIESMANAGEMENT HUMANRESOURCES PHYSICALSECURITY COMMUNICATIONS&PR KNOWLEDGEMANAGEMENT SUPPLYCHAINMANAGEMENT QUALITYMANAGEMENT CRISISMANAGEMENT RISKMANAGEMENT ENVIRONMENTALMANAGEMENT Source: BSI PAS56
  • 20. Business Continuity Management Business Impact Analysis Risk Analysis Recovery Strategy Group Plans and Procedures Business Continuity Planning Initiation Risk Reduction Implement Standby Facilities Create Planning Organization Testing PROCESS Change Management Education Testing Review Policy ScopeResourcesOrganization BCM Ongoing Process BCM Project
  • 22. British Standard BS25999 The BCM Lifecycle: BS 25999-1 2006 BCM Programme Management Understanding the organization Determining BCM strategy Developing & implementing BCM response Exercising, maintaining & reviewing
  • 23. Processes - Business Continuity Mgmt Business Continuity Assessments / Audits Risk Analysis Business Impact Analysis Continuity Strategies Business Continuity Testing Awareness and Training
  • 25. Risk Analysis provides focus for BCM High Medium Low Low Medium High Area of Major Concern
  • 26. Application Prioritization Application Priority Rating Recovery RequirementsRecovery Time Objective AAA 0–6 Hours Disaster Recovery needed: Restoration at a geographically remote data center. Local Fail over should also be considered AA 6–12 Hours Disaster Recovery needed: Restoration at a geographically remote data center. Local Fail over should also be considered. A 12–24 Hours Disaster Recovery needed: Restoration at a geographically remote data center. Local Fail over should also be considered. B 24-48 Hours Fail over Local, Disaster Recovery C 48–96 Hours Scheduled/Delayed Recovery D Recovery in 1 Week Scheduled/Delayed Recovery E Recovery when Resources Permit Scheduled/Delayed Recovery
  • 28. Data Center Best Practices
  • 30. DR Strategies Options Immediate, High-Impact Strategies Weekly Backup and Off-site Storage Daily Backup and Off-site Storage Weekly Mirroring & Electronic Vaulting Daily Mirroring & Electronic Vaulting Real-time Mirroring & Electronic Vaulting Vendor Agreements Quick Ship Agreements Owned Cold Site Owned Hot Site External Cold Site External Hot Site Decision Tree contains 5 x 2 x 4 = 40 strategic options
  • 31. Strategy Optimization Recovery strategy must be optimized to business requirements Time CostofStrategy Mitigation LostRevenue Optimum Mitigation Strategy
  • 33. Response and Risk approach Risk Management and Business Controls Events Incidents Crises Impact Monitor & resolve the “critical few” with crisis management team Assess impact of events & implement appropriate controls Monitor & resolve at appropriate level using processesIncident Management Process Crisis Management Process
  • 34. Crisis Management Team Organization
  • 35. Response Timeline Last Offsite Backup Recovery Point Objective (RPO) Stage 1 Immediate Response & Relocation Business as Usual Stage 2 Op. Sys. Restore Technology Workarea Restoration Stage 3 Applications Functional Restoration Stage 4 Data Synchronization Backlog & Lost Data Stage 5 Resume Business Recovery Time Objective (RTO) Stage 6 Interim Site Stage 7 Retur n Home Restore Communications Restore Business Functions
  • 36. Comprehensive Response Contingency Planning Disaster Recovery Security Business Continuity Crisis Communications Traditional Emergency Management
  • 37. Time for action is now