Escolar Documentos
Profissional Documentos
Cultura Documentos
7 March 2012
Presentation Outline
The Need for Business Continuity Management (BCM) BCM Strategy Project Governance and structures Progress as of Today Implementation Critical Success Factors
SBK BCP Strategy
7 March 2012
Life is not a matter of having good cards, but of playing a poor hand well.
7 March 2012
Good governance Regulatory pressure Sound capital adequacy requirements Mission achievement Business Continuity and resilience
BCM Standards/Regulations
NFPA 1600, British Standard 25999, SOX,BS ISO/IEC 27001:2005, HB 221:2004,HB 292-2006, HIPAA and so on.
SBK BCP Strategy
7 March 2012
BCM Strategy
Vision Leading the way to secure the Banks information assets to provide continuous customer services. Mission To manage Business Continuity and operational recovery risks by providing Bank-wide direction and leadership.
SBK BCP Strategy
7 March 2012
Definition
BCP is a process designed to reduce the organizations business risk arising from an unexpected disruption of the critical functions / operations (manual or automated) necessary for the survival of the organization This includes the critical functions / operations and supporting resources (human / material) and the assurance of the continuity of critical operations at the minimum level. BCP team was formulated and project launched on march 2008
SBK BCP Strategy
was
6
7 March 2012
BCM Strategy
People
Business Strategy
Process
Technology
Best Results Come From Alignment & Optimization Organization
Resource Management Process Optimization
Processes
Landscape Architecture
Local
Technology
Deployment Planning
Prevent
React
7 March 2012
Intergraded Risk Management BCM Policy BCM Steering Committee BCM Role and Responsibilities BCP Project Team BCM Methodology Project Plan Best Practice and standards
7 March 2012
Business Recovery Programme Manager (RPM) Business Unit Recovery Coordinator (URC)
10
BCM Policy
Provides the strategic directions and operational framework for the Bank Implementing BCM Policy is a strategic decision which must be considered for the long term survival of the Bank. BCM Role and Responsibilities Business units heads are responsible for business recovery and ensure the detailed Business Continuity Plans are in place in their areas of business Ownership by the senior Management
7 March 2012
11
Recovery Strategies
12
Completed In progress
Project Planning
Strategy Development
Training
13
Branch BCP
3 Model Branches Model BCP will be provided to all Conduct BIA Conduct Risk Assessment Design Recovery Strategy BC Plan Development Exercising Update and Maintenance Will provide a monitoring tool through intranet Yet to decide
SBK BCP Strategy
7 March 2012
14
Cost, Time and Resources (Rs. 5.3) Tools Used Business Impact Analysis Risk Assessment
7 March 2012
15
Primary Objective - Identify the time criticality of each business process of each business unit
Identify the degree of criticality of each business process over time, based on the respective impacts the organization could suffer due to an interruption to a given business process
7 March 2012
16
Identify and/or validated 29 SBUs business functions and prioritized Mission Critical Business Identify Inter-dependencies Establish Mission and Service Priorities Quantify impacts on business functions in terms of Financial - cost and loss of disruption Operational - maximum down time for each process
SBK BCP Strategy
7 March 2012
17
BIA Results
Maximum Tolerable Down Time: -Maximum number of hours/days each business process can afford to take for recovery, following an interruption. It also involves the identification of which business functions need to be given priority, when resuming business operations
Amount of data that each business function is willing to lose if a disruption occurs
7 March 2012
18
RTO Calculation
Financial Impact
7 March 2012
19
Fi n al RTO
IT C ESD T RY SCC IT ENG CCL FCBU GAMP IT C ASD IT - P SD T SV KP Y BOR CRC RRC FCC BRL(SWIFT ) SLI IFS (SCD) e-banking HR SVS SAU Region IV Millenium Credit s Import Export ACT 0
0 0 0 0.5 0.5 1 3 4 4 4 4 4 4 4 4 4 4 4 4 4 24 24 24 24 24 24 24 6 12 Ti m e 18
6 14 9
7 March 2012
24
20
RPO
mins
secs
RTO
secs
Zero
7 March 2012
mins
hrs
days
wks
mths
Downtime
21
7 March 2012
22
Strategy
7 March 2012
23
Distribution of Questionnaires to Business Unit Heads to carry out Business Impact Analysis & Risk Assessment (BIA & RA)
7 March 2012
Calculation of Recovery Time Objective (RTO) & Recovery Point Objective (RPO) 24
Policy Location Personnel Electrical & Communication equipment / services Computer Equipment Furniture and office equipment Vital Records Power Requirements Office Technology
SBK BCP Strategy
7 March 2012
25
7 March 2012
26
Treasury Dept. (TRY), Accounts Dept. (ACT), Foreign Currency Banking Unit (FCBU), Human Resources Dept. (HRD), Staff Advances Unit (SAU), Central Cash Dept(CCH), and International Exports Dept. (EXP)
Technical Services Dept. (TSV) and Services Dept. (SVS) IT Depts., Business Relations Dept. (BRL) and Central Clearing Dept. (CCL)
Units to be identified to relocate at Moratuwa. * Seylan Card Centre (SCC), Electronic Banking (ECM), Operations Dept. (OPS), Business Continuity Planning Command Centre , Human Resources Dept. (HRD), Foreign Currency Banking Unit (FCBU), Technical Services Dept. (TSV), Services Dept. (SVS).
SBK BCP Strategy
7 March 2012
27
Kapiti System - Core Banking System Kastle System - Treasury Operations Cashier System - Front Office system SWIFT - Society for Worldwide Inter Bank Financial Telecommunication ITM System - Credit/Debit Card system and ATMs SLIPS- Sri Lanka Inter Bank Payment System Seylan Clearing - Seylan Inter Branch Cheque Clearing System Firewall - Security System Active Directory - User Domain Controller
7 March 2012
28
VAP (VISA Access Point) - VISA Debit/Credit card MS ISA (proxy - Access for Internet Banking Services and Remittances Trend Micro- Internet Content Filtering System MS Exchange- E mail facility Eximbills /Citrix - International Trade Finance Pawning System Cheque Imaging and Truncation- CIT Payment gateway!!
7 March 2012
29
BCP awareness and training-Completed Test Plan for Scenario Simulation Submitted by E and Y
7 March 2012
30
All unit have to be done Scenarios Data and communication Failure Restriction of Access Routes Pandemic disaster
3. Functional Drill testing To be implemented with Board Approval E and Y is planning 4. Full Operational testing - To be implemented with Board Approval E and Y is planning
7 March 2012
SBK BCP Strategy
31
Key Decisions
Approval of BCM Policy BIA Results and BC Plan- Approved by the Board in principle Appointment of DR Coordination from ITC A senior person to be nominated Board approval for the IT Recovery Strategy Approved by Board Approval for Testing- in progress
SBK BCP Strategy
7 March 2012
32
7 March 2012
33
Where is your organization on the maturity spectrum? Where do you want your organization to be? How can IT lead the way, involve others, without bearing all the responsibility and cost?
SBK BCP Strategy
7 March 2012
34
7 March 2012
35
Success Factors
Board Sponsorship Top Management support and participation A annual budget allocation for running and maintenance of the BCM program Testing must be consistently conducted in a manner that encourages improvement and preparedness. A maintenance program must be implemented to ensure adequacy and completeness of the BCM elements.
7 March 2012
36
We are Prepared
7 March 2012
SBK BCP Strategy
37
Thank you
7 March 2012
38