Good Practice Guidelines 2013 Presented by: Nisar Ahmed Khan MBCI
Introduction to the BCI • • • • • • •
The Business Continuity Institute was founded in 1994 It is a members owned “not for profit” organisation The BCI promotes the highest standards, competencies and ethics A growing membership of 8000 members in 101+ countries Provides an internationally recognised certification scheme CBCI Respected, eminent Institute MBCI is the “Gold Standard”
Mission: Promote the art and science of Business Continuity Management worldwide Vision: To be the Institute of choice for the Business Continuity Management professional 11/30/2011
Kuwait
2
In addition to UK English, the GPG 2013 English (USA), French, Spanish, Chinese, Japanese and Arabic. The BCI Certificate examination (CBCI) will also be available in these languages.
Additionally working on the further languages of German, Italian, Portuguese and Korean
What are the Good Practice Guidelines (GPG) and why do we have them? • They are the comprehensive and independent body of knowledge for BC professionals written by real world experts. • Consider not just what to do, but why, how and when. • Enhance and complement existing and emerging standards in BC , Crisis Management and Organizational Resilience. • Are the foundation for certification and training for BC professionals worldwide.
What has changed from the 2010 GPG? • Principles of practising Business Continuity remain the same but the good practice has moved on in many areas. • Six Professional Practices that make up the BCM Lifecycle (Management and Technical Practices) have been renamed for simplicity. • There is a distinction made between the wider discipline of Business Continuity (BC)and Business Continuity Management (BCM) the management process and activities associated with practising it.
Frequently Asked Questions • How well do Business Continuity and Risk Management overlap? • Can BC fit into a formal risk-based framework?
• Where should BCM be placed in an organization? Who should own it. • Are Business Continuity and organizational resilience the same thing? • Do we need a separate Crisis Management discipline?
The BCM Lifecycle: improving organizational resilience
The Six Professional Practices (PPs) Management Practices PP1 – Policy and Programme Management PP2 – Embedding Business Continuity Technical Practices PP3 - Analysis PP4 - Design PP5 - Implementation PP6 - Validation General Principles – Processes – Methods – Reviews & Outcome
PP1 – Policy and Programme Management The starting point – defines an organization’s policy relating to BC, how it will be implemented, controlled and validated through a BCM programme. • Setting BC Policy and determining the scope of the BCM programme • Defining governance and assigning roles and responsibilities • Implementing a BCM programme, managing documentation using programme and project management techniques • Managing outsourced activities and supply chain continuity
PP2 – Embedding Business Continuity The Management Professional Practice that continually seeks to integrate BC into day-to-day business activities and organizational culture. • • • •
Organizational Culture Skills and Competence Managing a Training Programme Managing an Awareness Campaign
Technical Practice PP3 – Analysis Reviews and assesses an organization in terms of what its objectives are, how it functions and the constraints of the environment in which it operates. • Business Impact Analysis (BIA) o Initial BIA, Strategic, Tactical and Operational • Threat Analysis (includes risk assessment)
Technical Practice PP4 – Design Identifies and selects appropriate strategies and tactics. • Continuity and Recovery Strategies and Tactics • Threat Mitigation Measures • Incident Response Structure
Technical Practice PP5 – Implementation Executes the agreed strategies and tactics through the process of developing the Business Continuity Plan (BCP).
• The Business Continuity Plan (BCP) • Developing and managing plans at a strategic, tactical and operational level.
Technical Practice PP6 – Validation Confirms the BCM programme meets objectives set in the BC Policy and that the BCP is fit for purpose.
• • • •
Developing an exercise programme Developing an running an exercise Maintenance of the BCM programme Review of the BCM programme
How can I get a copy of the new BCI’s Good Practice Guidelines 2013? BCI Members can download a free pdf version from the Members’ Area Non-members can purchase a pdf version from the BCI website www.thebci.org
Hard copies will be available to purchase from May onwards; BCI Member discounts apply
Thank you!