Business Continuity Planning (BCP)
Business Continuity Planning (BCP)
OBJECTIVES
- Understanding the requirement for a BCP programme in your organization
- Project management of the corporate BCP strategy
- Become fully conversant with the latest BCP guidance and practices
- Understand why some companies emerge stronger from crises
- Principles of Risk Evaluation & Control
- How to develop plans for computer system recovery
- Execute training, testing and simulation exercises
- Examine real-life case studies
- Have the tools and knowledge required to identify potential technological, natural and human (social) threats
- Assess the severity of each of these threats to your processes
- Identify the mission critical activities, conduct vulnerability assessments and Business Impact Analysis
- Determining costs and cost justification for these strategies
- Establish Recovery Time Objectives (RTO) for critical functions
- How to manage all the stakeholders, including the media
WHO SHOULD ATTEND?
- The training session has been designed for those professionals who demand guidance in how to prepare Business Continuity and Disaster Recovery Plans
- Designed for executives, managers and staff who are involved in Risk Management, Internal Audit, Security, Facilities and Emergency Management
COURSE OUTLINE
DAY 1 – Project initiation and Management
- An introduction to Business Continuity Planning
- Project Initiation and Management, who is on the team?
- What do you have in place now?
- DVD – ‘Business as usual’
- BCP and the requirements of BS25999 & ISO17799
- How to conduct a Business Impact Analysis (BIA) (example templates to identify critical business processes)
- Agree the maximum ‘downtime’ for the critical functions
- Conduct a Vulnerability Study – What are the worse case scenarios?
- Identify the key risks and assess the management of same
- Identify the necessary resources and consider the recovery strategies
- Syndicate workshop – conduct a BIA on a given scenario
DAY 2 – Developing and Implementing the Strategy
- Developing and implementing BCP strategies
- Consider mutually agreed Recovery Time Objectives (RTO’s)
- Select key players and assign responsibilities in the Recovery Teams
- Incident response management
- Who is in charge?
- Role of the crisis/emergency management team
- Fitting the above into the BCP arrangements
- Decision making authority
- On scene management
- Communication between the crisis management team and the Business Recovery Teams
- Emergency control centre/s
- Crisis communications, internal & external and Public Relations
- Syndicate workshop – develop a Plan
- Case Study, DVD and exercise
DAY 3 – BCP and the Corporate Image
- Reputation Management. Who got it right and who got it wrong?
- The requirement to get the message to all stakeholders
- Who are the likely stakeholders – prepare a list
- Syndicate workshop – prepare a press statement on a given BCP scenario
- Training needs analysis for the BCP team members
- Who else has the potential to get involved?
- How are they all mobilised on a 24/7 basis?
- Case study and DVD
DAY 4 – Disaster Recovery Planning
- Building evacuation plans and the effect on your BCP arrangements
- What is the threat?
- Do you always evacuate?
- Syndicate workshop – consider all of your IT assets
- Will the Recovery Time Objectives (RTO) be acceptable?
- Discussion – Backup requirements
- Frequency – who, when and what
- Recovery options
- Cold sites
- Hot sites
- Off-Site storage and Standbys
- What are the options available to you?
- Case Study
- Syndicate workshop. Disaster Recovery
DAY 5 – Auditing, Testing and Maintaining Business Continuity Plans
- Maintaining your Business Continuity Plan
- Reviewing the risks, threats and assessments
- What, when and how should you test/exercise?
- Validating your plan, arrangements and teams
- Who should be on your exercise planning team?
- Types of exercises, table tops, simulation/role-play, operational/live
- Exercise preparation and development
- How to evaluate the exercise?
- When to critique/de-brief
- Exercise report, recommendations and follow up
- Case Study and exercise