Business Continuity

Management
Risk management applied to
safety and security
What is business continuity management?
• Business continuity management (BCM) is a framework for identifying an
organization's risk of exposure to internal and external threats. The goal
of BCM is to provide the organization with the ability to effectively
respond to threats such as natural disasters or data breaches and protect
the business interests of the organization. BCM includes disaster
recovery, business recovery, crisis management, incident management,
emergency management and contingency planning. a business continuity
management system emphasizes the importance of. Understanding
continuity and preparedness needs, as well as the necessity for
establishing business continuity management policy and objectives.
Implementing and operating controls and measures for managing an
organization’s overall continuity risks. Monitoring and reviewing the
performance and effectiveness of the business continuity management
system .Continual improvement based on objective measurements.
 Risk Management and Business Continuity:
Improving Business Resiliency
• Preparing for and responding to negative events, from
the mundane to the catastrophic, from the predictable
to the unforeseen, has become a fact of life for
businesses and governments around the world. We don’t
have to look any further than the seemingly daily reports
of cyberattacks on governments, corporations and
individuals to comprehend the severity of the problem.
Tackling these risks requires an integrated and holistic
framework with the capability to identify, evaluate and
adequately define responses to the circumstances. For
more and more organizations, this means adapting an
enterprise risk management (ERM) model.
ERM seeks to identify all threats

• including financial, strategic, personnel, market, technology, legal,

compliance, geopolitical and environmental—that would adversely
affect an organization. This holistic approach gives organizations a
better framework for mitigating risk while advancing their goals and
opportunities in the face of business threats. But in order to implement
and continuously manage this enterprise-wide model there is a critical
need for closer integration of two typically distinct roles within the
organization—business continuity management (BCM) and risk
management. Together, these two vital elements make up a robust
ERM plan and have a tremendous impact on an organization’s ability to
contend with interruptions to the execution of organizational
activities.
• destruction caused Put in the simplest terms, risk
management is concerned with minimizing the
probability of and by negative events. Operational
risk management, as the name implies, must cope
with interruptions at the operational level.
Recognizing that there are inherent imperfections
in systems, people, facilities and general
operational functions, the essence of operational
risk management is to negate or reduce the
probability of an incident occurring. Focusing upon
incident-specific, site-specific analysis of potential
causes of interruptions, risk managers seek to
preclude incidents from occurring. If elimination
of the risk is not possible, the focus moves to
 The examples.
• suppression systems reduce the risk of operational
disruption caused by fire damage. Redundant equipment
decreases the possibility of operational interruption
resulting from machine breakdown and redundant
communications help maintain connectivity. By analyzing
past events and examining known hazards (defined flood
plains, hurricane-prone areas, construction sites,
earthquake areas and terrorism-prone areas) operational
risk management seeks to avoid the occurrence of negative
destructive events.
The business continuity plan

• included a strategy that automatically forwarded incoming

calls to another facility outside the U.S. and also provided
connectivity to its back-up technology center. When the
blackout hit, the business continuity plan worked exactly
as tested. Phones were switched, systems were accessible
and, best of all, customers never knew the difference. The
company was actually more prepared than many of its
customers who failed to provide similar capabilities and
had to cease trading.
The combination of risk management

• business continuity provides the level of resiliency that most

organizations must achieve in light of the uncertainty that exists today.
The blend will reduce uncertainty and promote a more stable operating
environment.
• Business continuity managers are the risk analyzers and first line of
defense against regulation violations or disaster recovery mistakes.
These professionals foresee possible issues and help companies
maneuver against them. They are the backup and recovery specialists
that know how to protect IT assets from natural disasters or compliance
violations that can cost companies millions in lost data and resources.
Business Continuity Manager Job
Responsibilities and Duties

• A business continuity manager is usually a consultant that spends

some time understanding the business but has years of experience
in disaster recovery. These managers are responsible for
contingency planning. This means that they are able to foresee
any interruptions and help businesses put policies into practice to
avoid them. They document disaster recovery plans, but usually
staff are responsible to do the implementations. They also
perform risk management to find the costs associated with any
interruptions.
Job responsibilities and duties include:

• Document IT design and resources and create a business recovery process

• Schedule business planning sessions with staff to identity processes
• Perform business impact and risk assessments
• Monitor current recovery plans and review them for enhancements
• Train staff and managers on risk management and disaster recovery steps
• Set up disaster recovery practices and trial runs
• Create back up plans
• Ensure IT resources follow best practices that protect them from natural disasters
• Work with help desk and staff to escalate disaster recovery issues
Business Continuity Planning (BCP)

• Business continuity planning (BCP) is the creation of a strategy

through the recognition of threats and risks facing a company,
with an eye to ensure that personnel and assets are protected and
able to function in the event of a disaster. Business continuity
planning involves defining potential risks, determining how those
risks will affect operations, implementing safeguards and
procedures designed to mitigate those risks, testing those
procedures to ensure that they work, and periodically reviewing
the process to make sure that it is up to date.
BREAKING DOWN 'Business Continuity
Planning (BCP)'

• Businesses can face a host of disasters that range from minor to

catastrophic. Business continuity planning is typically meant to help
a company continue operating in the case of many or major
disasters, such as fires, but it may not be as effective if a large
portion of the population is affected, such as in the case of a disease
outbreak. Insurance does not cover all costs of such circumstances
and cannot replace customers that defect to the competition
because of them. One example of BCP would be a finance company
based in a major city backing up its computer and client files offsite,
so that if something would happen to the corporate office, satellite
offices would still have access to important information.
Four Steps to Developing a Business
Continuity Plan

• Conduct a business impact analysis to identify time-sensitive or

critical business functions and Identify, document, and implement
to recover critical business functions and processes.
• processes and the resources that support them.
• Organize a business continuity team and compile a business
continuity plan to manage a business disruption.
• Conduct training for the business continuity team and testing and
exercises to evaluate recovery strategies and the plan.
 Business Continuity Impact Analysis
• An important part of developing a BCP is a business continuity impact analysis. It identifies
the effects resulting from disruption of business functions and processes. It also uses
information to make decisions about recovery priorities and strategies.
• To aid in running a business continuity analysis, FEMA provides the Operational & Financial
Impacts worksheet can be used to compile the required information. The worksheet should
be completed by business function and process managers that know a business well. Once all
worksheets are completed, the worksheets can be tabulated to summarize:
• The operational and financial impacts resulting from the loss of individual business functions
and process
• The point in time when loss of a function or process would result in the identified business
impacts
• Those functions or processes with the highest potential operational and financial impacts
become priorities for restoration. The point in time when a function or process must be
recovered, before unacceptable consequences could occur, is often referred to as the
“Recovery Time Objective.” BCM
Risk management applied to safety security
and sanitation

• JENNIFER ESPINO
• JANINE POMIDA
• KENZ AUMENTO
• DENDELE NINO A. CAFE