CBCP业务连续性管理专家培训材料_Area8.ppt
《CBCP业务连续性管理专家培训材料_Area8.ppt》由会员分享,可在线阅读,更多相关《CBCP业务连续性管理专家培训材料_Area8.ppt(77页珍藏版)》请在三一办公上搜索。
1、1,Business Continuity ManagementCourse for Advanced Professionals Introduction,2,Subject Area 8:Maintaining&Exercising Business Continuity Plans,3,Lesson Overview,Elements of a testing&exercise programTypes of tests and exercisesBCM program maintenanceThe plan review and audit methodology Maintainin
2、g the plan Change factors Plan document control proceduresBCM program maintenance,4,Professional Practices forBusiness Continuity Professionals,Project Initiation and ManagementRisk Evaluation and ControlBusiness Impact AnalysisDeveloping Business Continuity StrategiesEmergency Response and Operatio
3、nsDeveloping and Implementing Business Continuity PlansAwareness and Training ProgramsMaintaining&Exercising Business Continuity PlansCrisis CommunicationsCoordination with External Agencies,5,Objectives,Pre-plan and coordinate plan exercises,and evaluate and document plan exercise results.Develop p
4、rocesses to maintain the currency of continuity capabilities and the Plan documents in accordance with the organization.s strategic direction.Verify that the Plans will prove effective by comparison with a suitable standard,and report results in a clear and concise manner.,6,The Professionals Role(1
5、/2),Pre-plan and Coordinate the ExercisesFacilitate the ExercisesEvaluate and Document the Exercise ResultsUpdate the Plan,7,The Professionals Role(2/2),Report Results/Evaluation to ManagementCoordinate Ongoing Plan MaintenanceAssist in Establishing Audit Program for the Business Continuity Plan,8,T
6、he Planning Process,RiskAssessment&Analysis,PlanDevelopment,ProjectPlanning,StrategyDevelopment,Business Impact Analysis,Awareness&Training,Objective Subject the plan to tests and exercises to ensure that it is operationalSome key tasks Establish objectives,scope and types of tests&exercises Conduct
7、 the tests&exercisesSome key deliverables Post-test/exercise results,evaluations,&reports Plan revisions,Testing&Exercising,9,“The safety policy and procedures were in place:the practice was deficient.”extract from Lord Cullens report into the Piper Alpha disasterhttp:/news.bbc.co.uk/1/hi/uk/127335.
8、stm,10,Definitions,TestingEquipmentTechnologiesDurable goods Server UPS device Generator Telecommunications,ExercisingPeople Evacuation procedures Call trees Familiarity with alternate locations Interim procedures Manual processes Self Assessment,11,Testing&Exercising Goal“The goal of testing and ex
9、ercising your plan is not to find out if it works,but to determine how it doesnt.”,12,Benefits of Testing&Exercising,Assesses viability of planPractice procedures before disasterSatisfies legal and internal audit requirementsIdentifies areas that need modificationEnables BCM program to remain active
10、,up-to-date,understood,and usable Demonstrates the ability to recoverProvides a mechanism for maintaining and updating the plan,13,Benefits of Testing&Exercising I hear.I forget.I see.I rememberI do.I understandChinese Proverb,14,Commitment&Motivation,Senior management needs to understand An unteste
11、d/unexercised plan is unlikely to succeed in an actual disaster situation Program maintenance and plan review,updating and exercising is an integral part of the plan development and implementation process An untested/unexercised plan could,in an actual disruption be dangerousSenior management should
12、 support program by Reading reports Providing direction Allocating resources,15,Testing&Exercising Methodology,The plans are tested to the fullest extent possibleThe costs are not prohibitiveService disruptions are minimalThe results provide a high degree of assurance in recovery capabilityEvaluatio
13、n provides quality input to plan review and updates,16,Test&Exercise Program Design,Use the scenario to design emergency situations that:Promote preparedness Improve response capability Validate plans,policies,procedures,and systems Determine effectiveness of command,control,and communication functi
14、ons,17,Test&Exercise Prioritization,Phased approach to exercising Start simple Build upon mastery Add complexity Target a comprehensive exercise,18,Test&Exercise Prioritization,Functional area criticality Those with roles&responsibilities in planEarly participants can serve as valuable role models&a
15、dvocates to other participantsManagers who are“On the fence”,19,Testing/Exercising as part of Plan Life Cycle,Fullcapabilityexercised,Minor elements tested,Extent ofTest/Exercise,During plandesign,Plan issued,Plan beingmaintained,20,Types of Tests,Quarterly evaluations of alert and notification proc
16、edures and systemsEvaluate the ability to access current vital records,systems,and data management software and equipmentEvaluate the logical support,services,and infrastructureEvaluate communications,21,Types of Tests,Static Essential components in placeDynamic Equipment satisfies operational requi
17、rementsFunctional Procedures for operating equipment are correct,22,How would you design a test to cover the different levels and functions?,Accounts,Email,CRM,Web serverfor sales,Application,Database,System&Network,Hardware,23,“This has been a test.In the eventof an actual emergency,Im outta here!”
18、,24,Types of Exercises,Scheduled or surprisePlan reviewTabletop/desktopWalk through/hands-onModular/component,Functional/LOBSimulation/mockComprehensive/full-scale,25,Exercise Best Practices,Exercise public/private partnerships Emergency evacuations Shelter-in-place Hazardous materials drills Commun
19、ity Emergency Response Teams(CERT),26,Exercise Best Practices,Use real-life situations to test emergency procedures Emergency Situation,27,Testing&Exercise Program,Business Continuity PlanTesting/Exercise Program,Comprehensive,Plan Review,Tabletop,Functional,Modular,Walkthrough,Simulation,Self-Asses
20、sment,28,Confidentiality,Establish ground rules to address confidentialityEnsure that confidential test data is protected after exercise,29,Test/Exercise Frequency,At least annually or as significant changes occurShould be ongoing and increase in complexityDocument and budget BCM testing&exercising
21、as an ongoing,multi-year program,30,Define Test&Exercise Requirements,Objectives and levels of successIdentify types of tests&exercisesEstablish and document scopeProvide a schedule Logistics and pre-planning componentsPlan and reporting structure,31,Planning Test&Exercise Objectives,To see if plan
22、can be executedTo familiarize participants with plan To demonstrate plan is accurate and completeTo validate plans assumptionsTo confirm that the plan will help to recover the organization,32,Planning&Coordinating Exercises,Determine scope of exercise What will be exercise?Elements of the worst-case
23、 scenario Who will be involved?Those with plan roles and responsibilities When will exercise occur and under what timeframe?Why will exercise occur?Where will the exercise occur?,33,Facilitating Tests&Exercise,Facilitation during tests&exercisesPersonnelMaterialsProcedures in the test/exercise shoul
24、d be consistent with those required in an actual event,34,Evaluating Test/Exercise&Results,BC planning team and audit department might work together to evaluate a test or exerciseObservation or qualitative methodDocumentation or quantitative method Use quantifiable criteria Compare timelines from pr
25、evious exercises Benchmark comparisons Measurable objectives Incident logs Legal,contractual,or regulatory requirementsProvide feedback on results to participants,35,Documenting Test/Exercise Results,Part of the permanent record of the organization Demonstrate due diligence Prudent business practice
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- CBCP 业务 连续性 管理 专家 培训 材料 _Area8

链接地址:https://www.31ppt.com/p-2311581.html