BCM Institute MTE Series: http://www.worldcontinuitycongress.com/wcc08/mte.html
Maintaining competency to implement your BCM programme to meet international BCM best practices and standards. By Dr Goh Moh Heng, President, BCM Institute
• Implementing BCM Framework and Planning Methodology to meet international BCM standards
• Building key benchmarking competency within the organization
• Developing a structure to embed BCM as part of due diligence, risk management and corporate governance
• Seeking management support through the understanding of the importance of organizational BCM maturity level
• Raising the BCM “readiness” bar and meet the emphasis as laid by your executive management
BCM Institute MTE Dr. Goh Moh Heng - BCM Benchmarking : Bridging Your Business Continuity Programme to International Standards and Best Practices
1. BCM Benchmarking :
Bridging Your Business
Continuity Programme
to International
Standards and Best
Practices
Dr Goh Moh Heng
President
moh_heng@bcm-institute.org
25 November 2010
Cititel Hotel Mid Valley
Kuala Lumpur Malaysia
2. Dr Goh Moh Heng
• President
– Business Continuity Management (BCM)
Institute
– www.bcm-institute.org
• Managing Director
– GMH Continuity Architects
– Asia Pacific BCM Consulting Firm
– www.GMHasia.com
• Professional BCM Appointments
– Technical Advisor for TR19:2005 &
SS540:2008 BCM Standard
(Management Council and Technical
Committee) www.ss540.org
– Project Director, Technical Working
Group for SS507:2004
• ISO/IEC 24762 Guidelines for BC-DR
Services
http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng
2
3. Dr Goh Moh Heng
Prior Appointments
• Government of Singapore Investment
Corporation (GIC)
• Standard Chartered Bank
– Global Head for BCM
• PriceWaterhouse (Coopers)
• Past Certification Broad Member for
DRI International’s Certification Board
• Past Executive Director for DRI Asia
• Senior Technical Advisor, China
Business Continuity Management
Forum
http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng
3
4. BCM Institute
• Started in January 2005.
• Provide competency based BC-DR
training to all levels.
• Certify BC-DR professionals
globally.
• Started Certification programme
in April 2007.
• More than 1500 professionals
from 850 organizations and 40
countries.
4
6. Maintaining Competency To
Implement Your BCM
Programme to Meet
International BCM Best
Practices And Standards
Dr Goh Moh Heng
President
moh_heng@bcm-institute.org
7. Agenda
• BCM Planning Methodology
• International Standards
• Body of Knowledge
• Organization Competency
• Personnel Competency
• Training-led implementation
10. BCM Body of Knowledge (BoK)
10
The training curriculum for all BCM Institute’s
courses is based on this BCM Body of Knowledge
(BCM BoK).
BCM Body of Knowledge (BCM BoK) consists of
7 Subject Areas.
2.
Risk
Analysis
and
Review
http://www.bcmpedia.org/wiki/BCM_Body_of_Knowledge_BCMBoK
BoK 1
•Project
Manage-
ment
Bok 2
•Risk Analysis
and Review
Bok 3
•Business
Impact
Analysis
Bok 4
•Recovery
Strategy
Bok 5
•Plan
Development
Bok 6
•Testing and
Exercising
Bok 7
•Program
Management
13. BCM Internal
Auditor
Business Unit
Coordinator/
Representative
BU Technology/
Support Coordinator/
Representative
Organization
BC Manager
BCM Steering Committee
• Chairperson
• Project Sponsor
• Head of Business Units
BCM
8590
BCM
820
DRP
5000
BCM
5000
BCM
100
Personnel
Competency
Certification
14. BCM-5000 – Implementing and
Managing BCM
• Advance BCM course for BCM Project Managers or
Business Unit Coordinators
• 4 full day training
• 1 half day 150 MCQ Examination
• Leads up:
14
15. DRP 5000 – Implementing and
Managing IT Disaster Recovery
• Advance BCM course for BCM IT Project
Managers
• 4 full day training
• 1 half day 150 MCQ Examination
• Leads up:
16. BCM 8590 – BCM Lead Auditor
• Advance BCM Lead Auditor course for
experienced financial auditors, standards/QMS
auditors and experienced advanced BCM
Professionals
• 4 full day training
• 1 half day 150 MCQ Examination
• Leads up to:
17. BCM 820 – Implementing
Business Continuity Management
• Intermediate BCM Training for organisations to
implement Business Continuity Management.
• Option to integrate consulting as a Training Led
Consultancy to implement BCM.
• 1 full day training
• 4 half day modulated workshops
• 50 MCQ Examination
• Leads up to:
18. Competency Built-
in Implementation
Business Continuity Reports – BC Plan
Business
Impact
Analysis
Recovery
Strategy
Plan
Develop-
ment
Risk
Analysis
& Review
Session 3 Session 4 Session 5 Session 6
Each Session-Day is a minimum of 2 weeks apart
Session 2
Policy and
Framework
Risk
Assessment
Report
Business
Impact
Report
Recovery
Strategy
Report
Business
Continuity
Plans
Test Plan
Testing &
Exercising
Program
Management
Fundamentals
of BCM
Session 1
21. Summary
• Implement BCM Framework and Planning Methodology to
meet international BCM standards
• Build key benchmarking competency within the
organization
• Develop a structure to embed BCM as part of due diligence,
risk management and corporate governance
• Seek management support through the understanding of
the importance of organizational BCM maturity level
• Raise the BCM “readiness” bar and meet the emphasis as
laid by your executive management
22. THANK YOU
Dr Goh Moh Heng
President
Mobile: +65 96711022
Tel: +65 63231500
Fax: +65 63230933
Email: moh_heng@bcm-institute.org
Notas del editor
BCM Institute
Leading global Business Continuity (BC) & Disaster Recovery (D R) Institute.
Established in 2005.
Offers a wide range of quality BC and DR courses.
Certified over 1,250 professionals from 36 countries.
MAJOR BCM AREAS
This framework divides into 6 broad BCM areas:
Risk Analysis and Review (This terms are similar for SS540 and BCM Planning Methodology)
The potential threats and risks to an organization can be uncovered via a risk analysis and review of its internal operations and external operating environment. Examples of risks due to internal operations include malfunction of critical manufacturing processes, failure of Information Technology (IT) systems and fire which destroys plant facilities. Examples of risks due to external operating environment include terrorist attacks, floods, political turmoil and disruption of supply chain.
Business Impact Analysis (This terms are similar for SS540 and BCM Planning Methodology)
The potential impacts of risks actually occurring to an organization and affecting its ability to achieve its business operation and service can be obtained by conducting a business impact analysis. The later would include, where possible, quantifying the loss impact from both a number of days of business disruption and a financial standpoint. For example, a fire which destroys the finished inventory at the warehouse can result in delay of shipment to key customers for a few days and incurring impact such as contractual penalty.
Strategy (Recovery Strategy)
Based on these potential loss impacts the organization would deliberate and select the appropriate strategy or strategies to safeguards its interests. These strategies can be preventive or pre-emptive in nature. For example, outsourcing the risks to third parties or setting up of alternate facilities at another location would be efforts towards preventing and pre-empting potential loss impact. The rationale behind these strategies is to build resilience for the organization against impact of loss.
Business Continuity Plan (Plan Development)
From the selected strategies a detail business continuity plan (BC Plan) should be instituted in place to respond to risks which can occur and impact its business operation and service. The BC Plan would specify and allocate the resources and thereby building up the capability of the organization to respond to risk occurrences. For example, by specifying the BC roles and responsibilities of staff in the BC Plan the organization is better adapt to respond to occurrence of risks.
Tests and Exercises (Testing and Exercising)
An established BC Plan should be subject to verification via Tests and exercises. Tests and exercises expose probable errors and omissions in carrying out the established plan. It examines if the resources committed are accessible, available and adequate for undertaking the recovery efficiently and effectively. It checks if staff in the organization are familiar with recovery procedures. Overall Tests and exercises validate if the BC Plan indeed meet its recovery objectives.
Programme Management (This terms are similar for SS540 and BCM Planning Methodology)
Besides an established and thoroughly tested BC Plan the organization should demonstrate commitment in maintaining the currency of its plan through regular and systematic review of its risks and business impacts, realigning of its BCM strategies and revalidating of its BC Plan on a continuous basis. BCM should become an integral part of the organization’s operations, audit, testing, quality assurance, change management and culture. Ownership of BCM becomes embedded in individual business units where BCM risks reside.
BCM is an ongoing management process and can be examined from 2 standpoints. Firstly, the impacts of issues and concerns arising from each of the 7 BCM areas identified above need to be examined. For example, the risk impacts upon people and physical infrastructure. Secondly, the direction and support needed to ensure that BCM efforts can be implemented and sustained. For example, organizational policies direct BCM processes to support BCM on an ongoing basis.
BCM Institute’s BCM Body of Knowledge
Project Management.
Risk Analysis and Review.
Business Impact Analysis.
Recovery Strategy.
Plan Development.
Testing and Exercising.
Program Management.