Business Continuity Management (BCM) March 2013 Bank UOB Indonesia - - PowerPoint PPT Presentation

Business Continuity Management (BCM)

March 2013

Bank UOB Indonesia

BUSINESS CONTINUITY MANAGEMENT (BCM) MODEL

Business Continuity Management Awareness Programs PILAR II. DISASTER RESPONSE & CRISIS MANAGEMENT Risk Reduction Response Recovery Restoration PILAR III. BUSINESS RESILIENCE & RECOVERY UOBI BCM Policy, Procedure & Guidelines UOBI BCM Corporate Governance Structure PILAR I. GOVERNANCE STRUCTURE

Disaster Response

Crisis Management

Business/Support Units, Key Dependencies and Key Outsource Service Providers

Disaster Response Guideline Crisis Management Plan Incident

Business Impact Analysis (BIA) Business Continuity Plan (BCP) Training & Awareness Testing & Exercising Review & Update

2

BCM ORGANIZATION STRUCTURE

Board of Commissioners

Board of Directors Recovery Director BCM Committee IT-DRP Unit RMG-ORM (BCM) Business & Support Units

President Director Recovery Director Crisis Management Team Business Recovery Team Crisis Command Centre Damage Assessment Team Crisis Mgt. Support Team ORM, PGS, HRD, Channel, IT, BPCC, CASQ, Legal

GOVERNANCE STRUCTURE (Normal – Time) RECOVERY STRUCTURE (In a Crisis)

3

NO DISASTER SCENARIO 1 Bomb Threat 2 Earthquake 3 Fire in the Bank Premises 4 Flood 5 Tsunami 6 Volcano Eruption 7 Mass Demonstration 8 Utilities Outages (incl. Network) 9 Landslide 10 Riot 11 Terrorism/Sabotage Threat 12 Typhoon 13 Labor Dispute 14 Pandemic-Avian Influenza 15 Wide Area Disruption

DISASTER RESPONSE GUIDELINE

4

CRISIS RESPONSE ACTIVITY

Distinguish between Crisis Level and Escalation Phase

Crisis Level - differentiate the severity of the crisis situation Escalation Phase - guideline to determine whether CMT (Crisis Management Team) needs to be convened and Crisis Command Center (CCC) needs to be established

Crisis Level

Level 1 – Minor Emergency, localized incident; quickly resolved with internal/limited resources, – Does not effect the overall functioning capacity of the Bank  CMT (Crisis Management Team) not convened Level 2 – Moderate Crisis, serious emergency; – Disrupt one or more operations of the Bank and may affect critical business function or staff safety  CMT (Crisis Management Team) may be convened Level 3 – Community wide emergency; – Seriously impairs or halts the banking operations.  CMT (Crisis Management Team) will be convened

Maximum Allowable Downtime: Time given to declare disaster

Critical Business Units - 1 hour Non-Critical Business Units - 3 hours Obvious disaster - 15 minutes 5

BUSINESS CONTINUITY COMPONENTS

No BCM Components Description 1 Business Impact Analyses (BIA)

• Process for measuring the business impact or loss due to disaster
• Helps the Bank to determine recovery priorities:
• Critical Business Units
• Recovery resources requirements
• Recovery strategies

2 Business Continuity Plan (BCP)

• Proactive planning by BU to ensure business continuity during crisis.
• Aspects to be considered when developing BCP :
• MOR : Minimum Operating Requirements

Minimum requirements that business unit needs to work, in degraded mode, at the alternate site to ensure business continuity

• RTO : Recovery Time Objective

Time required to make available the business processes and/or services from the point of disaster 3 Training & Awareness

• Conducted to ensure staff basic understanding of BCM principles.
• Conducted through:
• E-learning
• New Employee Orientation Program
• BCP Coordinator Forum

6

BUSINESS CONTINUITY COMPONENTS

No BCM Components Description 4 Testing & Exercising

• Provides assurance that the business continuity planning process

is accurate, relevant and viable.

• Types of Exercises:
• Unit Call Tree Exercise
• Management Call Tree Exercise
• Alternate Site Exercise
• Crisis Management Team Table Top Exercise
• Disaster Recovery Exercise

5 Review & Update

• Review & Update all plans annually or whenever there is a material

change.

• Sign of by BU/SU Function Head

7