Business Continuity Management (BCM) March 2013 Bank UOB Indonesia
BUSINESS CONTINUITY MANAGEMENT (BCM) MODEL PILAR I. GOVERNANCE STRUCTURE UOBI BCM Corporate Governance Structure UOBI BCM Policy, Procedure & Guidelines Business Continuity Management Awareness Programs PILAR II. DISASTER RESPONSE & CRISIS MANAGEMENT Risk Reduction Response Recovery Restoration Disaster Response Guideline Disaster Response Incident Crisis Management Crisis Management Plan PILAR III. BUSINESS RESILIENCE & RECOVERY Business/Support Units, Key Dependencies and Key Outsource Service Providers Business Business Testing & Review & Training & Continuity Exercising Impact Update Awareness Plan (BCP) Analysis (BIA) 2
BCM ORGANIZATION STRUCTURE GOVERNANCE STRUCTURE RECOVERY STRUCTURE (Normal – Time) (In a Crisis) Board of President Commissioners Director Board of Recovery Directors Director Recovery Crisis Director Management Team BCM Committee Business Crisis Damage Recovery Command Assessment Team Centre Team RMG-ORM Business & Crisis Mgt. IT-DRP Unit (BCM) Support Units Support Team ORM, PGS, HRD, Channel, IT, BPCC, 3 CASQ, Legal
DISASTER RESPONSE GUIDELINE NO DISASTER SCENARIO 1 Bomb Threat 2 Earthquake 3 Fire in the Bank Premises 4 Flood 5 Tsunami 6 Volcano Eruption 7 Mass Demonstration 8 Utilities Outages (incl. Network) 9 Landslide 10 Riot 11 Terrorism/Sabotage Threat 12 Typhoon 13 Labor Dispute 14 Pandemic-Avian Influenza 4 15 Wide Area Disruption
CRISIS RESPONSE ACTIVITY Distinguish between Crisis Level and Escalation Phase Crisis Level - differentiate the severity of the crisis situation Escalation Phase - guideline to determine whether CMT (Crisis Management Team) needs to be convened and Crisis Command Center (CCC) needs to be established Crisis Level Level 1 – Minor Emergency, localized incident; quickly resolved with internal/limited resources, – Does not effect the overall functioning capacity of the Bank CMT (Crisis Management Team) not convened Level 2 – Moderate Crisis, serious emergency; – Disrupt one or more operations of the Bank and may affect critical business function or staff safety CMT (Crisis Management Team) may be convened Level 3 – Community wide emergency; – Seriously impairs or halts the banking operations. CMT (Crisis Management Team) will be convened Maximum Allowable Downtime: Time given to declare disaster Critical Business Units - 1 hour Non-Critical Business Units - 3 hours Obvious disaster - 15 minutes 5
BUSINESS CONTINUITY COMPONENTS No BCM Components Description Process for measuring the business impact or loss due to disaster Helps the Bank to determine recovery priorities: • Critical Business Units Business Impact 1 • Recovery resources requirements Analyses (BIA) • Recovery strategies Proactive planning by BU to ensure business continuity during crisis. Aspects to be considered when developing BCP : • MOR : Minimum Operating Requirements Minimum requirements that business unit needs to work, in Business 2 Continuity Plan degraded mode, at the alternate site to ensure business continuity (BCP) • RTO : Recovery Time Objective Time required to make available the business processes and/or services from the point of disaster Conducted to ensure staff basic understanding of BCM principles. Conducted through: Training & • 3 Awareness E-learning • New Employee Orientation Program • BCP Coordinator Forum 6
BUSINESS CONTINUITY COMPONENTS No BCM Components Description Provides assurance that the business continuity planning process is accurate, relevant and viable. Types of Exercises: • Unit Call Tree Exercise 4 Testing & Exercising • Management Call Tree Exercise • Alternate Site Exercise • Crisis Management Team Table Top Exercise • Disaster Recovery Exercise Review & Update all plans annually or whenever there is a material 5 Review & Update change. Sign of by BU/SU Function Head 7
Recommend
More recommend
