Business Continuity Planning (BCP)

Business Continuity Planning (BCP)

OBJECTIVES

• Understanding the requirement for a BCP programme in your organization
• Project management of the corporate BCP strategy
• Become fully conversant with the latest BCP guidance and practices
• Understand why some companies emerge stronger from crises
• Principles of Risk Evaluation & Control
• How to develop plans for computer system recovery
• Execute training, testing and simulation exercises
• Examine real-life case studies
• Have the tools and knowledge required to identify potential technological, natural and human (social) threats
• Assess the severity of each of these threats to your processes
• Identify the mission critical activities, conduct vulnerability assessments and Business Impact Analysis
• Determining costs and cost justification for these strategies
• Establish Recovery Time Objectives (RTO) for critical functions
• How to manage all the stakeholders, including the media

WHO SHOULD ATTEND?

• The training session has been designed for those professionals who demand guidance in how to prepare Business Continuity and Disaster Recovery Plans
• Designed for executives, managers and staff who are involved in Risk Management, Internal Audit, Security, Facilities and Emergency Management

COURSE OUTLINE

DAY 1 – Project initiation and Management

• An introduction to Business Continuity Planning
• Project Initiation and Management, who is on the team?
• What do you have in place now?
• DVD – ‘Business as usual’
• BCP and the requirements of BS25999 & ISO17799
• How to conduct a Business Impact Analysis (BIA) (example templates to identify critical business processes)
• Agree the maximum ‘downtime’ for the critical functions
• Conduct a Vulnerability Study – What are the worse case scenarios?
• Identify the key risks and assess the management of same
• Identify the necessary resources and consider the recovery strategies
• Syndicate workshop – conduct a BIA on a given scenario

DAY 2 – Developing and Implementing the Strategy

• Developing and implementing BCP strategies
• Consider mutually agreed Recovery Time Objectives (RTO’s)
• Select key players and assign responsibilities in the Recovery Teams
• Incident response management
  • Who is in charge?
  • Role of the crisis/emergency management team
  • Fitting the above into the BCP arrangements
  • Decision making authority
  • On scene management
  • Communication between the crisis management team and the Business Recovery Teams
• Emergency control centre/s
• Crisis communications, internal & external and Public Relations
• Syndicate workshop – develop a Plan
• Case Study, DVD and exercise

DAY 3 – BCP and the Corporate Image

• Reputation Management. Who got it right and who got it wrong?
• The requirement to get the message to all stakeholders
• Who are the likely stakeholders – prepare a list
• Syndicate workshop – prepare a press statement on a given BCP scenario
• Training needs analysis for the BCP team members
• Who else has the potential to get involved?
• How are they all mobilised on a 24/7 basis?
• Case study and DVD

DAY 4 – Disaster Recovery Planning

• Building evacuation plans and the effect on your BCP arrangements
• What is the threat?
• Do you always evacuate?
• Syndicate workshop – consider all of your IT assets
• Will the Recovery Time Objectives (RTO) be acceptable?
• Discussion – Backup requirements
  • Frequency – who, when and what
  • Recovery options
  • Cold sites
  • Hot sites
  • Off-Site storage and Standbys
  • What are the options available to you?
• Case Study
• Syndicate workshop. Disaster Recovery

DAY 5 – Auditing, Testing and Maintaining Business Continuity Plans

• Maintaining your Business Continuity Plan
• Reviewing the risks, threats and assessments
• What, when and how should you test/exercise?
• Validating your plan, arrangements and teams
• Who should be on your exercise planning team?
• Types of exercises, table tops, simulation/role-play, operational/live
• Exercise preparation and development
• How to evaluate the exercise?
• When to critique/de-brief
• Exercise report, recommendations and follow up
• Case Study and exercise