Business Continuity

image1

Business Continuity Course

About the BCI

The BCI is the world’s leading professional association responsible for improving organizational resilience through building business continuity capability and professional development of individuals all over the world. 

The BCI’s vision is a world where all organizations, communities and societies become more resilient. 

The BCI is built on the principle of professionalising business continuity practice, and continues to be the authoritative and reliable source of information on all aspects of business continuity theory and practice for professionals, and offersa wealth of online resources. The Good Practice Guidelines have been revised as part of the BCI’s process of continual improvement and ongoing development of our body of knowledge to remain relevant to professionals worldwide. 


What is Business Continuity? 

Business continuity is the key discipline that sits at the heart of building and improving the resilience oforganizations.
It is a tried and tested methodology that an organization should adopt as part of its overall approach to managing risks and threats. Business continuity management identifies an organization’s priorities and prepares solutions to address disruptive threats. An effective business continuity programme supports the strategic objectives of the organization and pro- actively builds the capability to continue business operations in the event of disruption. The programme includes the identification of risks and threats, the creation of response structures and plans to address incidents and crises, and promotes validation and continuous improvement.

Nowadays, regulatory bodies and government emphasize on the operational recovery and resilience for all impacted stakeholders due to unexpected crisis/ incidents, political unrest (e.g. BREIXT) and civil disturbance (e.g. Occupy Central in Hong Kong SAR in 2014, “Yellow Vest” in France in 2018), pandemics, power/ system outages or even terrorist/ cyber-attacks (e.g. DDoS, ransomware), etc. 

Audience

This course is designed for new and experienced BCM practitioners, executives, managers, business continuity planners and business unit staff who are involved in or manage business continuity planning functions, especially from MNCs, government and financial institutions. It is also highly useful for internal and external auditors, security managers, records managers, information technology managers, crisis managers, senior IT staff, administrative heads, and others responsible for the administration of any size of organization. 

Objectives

At the conclusion of this course, participants should: 

  • have a solid understanding of the overall Business Continuity Management lifecycle 
  • have the tools and knowledge required to conduct a Business Impact Analysis and Risk Assessment for their organization 
  • know how to identify and select cost-effective Business Continuity strategies for key business activities and ITDisaster Recovery (DR)
  • know how to identify and select cost-effective strategies for key business activities and IT systems 
  • understand issues surrounding Cyber Security concerns 
  • be able to guide their IT and business unit personnel through the development of practical and effective IT recovery and business recovery plans 
  • be able to implement an effective Incident Management structure within their organization, including Emergency Response and Crisis Management 
  • know how to keep their plans current and viable 
  • have the tools and knowledge required to plan and coordinate effective tests and exercises 

Course Structure

6 modules( or called professional practices-PP) should be covered in the BCI framework:

  • Policy & Programme Management 
  •  Embedding Business Continuity 
  •  Analysis 
  •  Design 
  • Implementation 
  • Validation 


Topics covered include:

  • Business Continuity Lifecycle Management:  Evolution of BC Planning and Standards 
  • Establish business continuity policy, objectives, targets, controls, and procedures 

  1. Setting corporate policies, objectives and budgets 
  2. Assigning accountability for the Business Continuity program 
  3. Establishing the Business Continuity teams 

  • Crisis Communications 

  1. Communicating proactively with customers, suppliers, and other stakeholders 
  2. Addressing the needs and concerns of employees and their families 
  3. Guidelines for Effective Media Relations—broadcast interviews, print media, news conferences, social media 

  • Awareness and Training 

  1. Defining your Awareness and Training Requirements 
  2. Implementing the Program 
  3. Managing the Ongoing Program 

  • Business Impact Analysis and Risk Assessment - What threatens your organisation? 

  1. Understanding the need for a Business Continuity program 
  2. Defining your organisation's Business Continuity requirements 
  3. Conducting a Business Impact Analysis
  4. Conducting a Business Unit Risk Assessment 

  • Identifying and selecting Business Continuity strategies for: 

  1. Mitigating risk 
  2. Reducing impact 
  3. Recovering technologies 
  4. Resuming business operations 

  • Developing plans for IT Disaster Recovery 

  1. Primary concerns in Cyber Security Planning 
  2. Design an effective information technology (IT) Disaster Recovery Plan to recover critical IT systems, applications, and data 
  3. Determine risks and impacts of disruption to IT infrastructure and Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) 

  • Developing plans for Business Resiliency 

  1. Initial response and assessment 
  2. Interim contingencies 
  3. Resource provisioning 
  4. Business recovery 
  5. Return to normal 

  • Developing a Crisis Management Plan:

  1. Creating a Crisis Management Team 
  2. Establishing on-site and off-site Command Centers 
  3. Escalating emergencies and activating Business Continuity teams and plans 
  4. Crisis management checklists to help the CMT with ‘crisis project management’ 

  • Key Components in a Crisis Management Plan: 

  1. Decision-making authority 
  2. Coordination with public authorities
  3. Human resources issues 
  4. Financial control issues 
  5. Legal, contractual and regulatory issues 

  • Review of Techniques for Training and Exercising Business Continuity Teams: 

  1. Table Top Exercises 
  2. Simulation Exercises 
  3. Drills 
  4. Operational Exercises 
  5. Mock Disasters 

  • Setting Test and Exercise Objectives: 

  1. Planning and Preparation 
  2. Measuring Success and Performance 
  3. Critical Success Factors 

  • Review of Techniques for Validating and Maintaining Business Continuity Plans: 

  1. Desk Checks; Peer Reviews 
  2. Structured Walkthroughs 
  3. Standalone Tests; Integrated Tests 
  4. Operational Tests 
  5. Call Tree Tests 

  • Plan Maintenance: 

  1. Establishing a repository for all plan documentation and procedures 
  2. Implementing a Change Control system
  3. Administering the maintenance process 
  4. Developing and ensuring compliance with corporate policies and standards 

  • Plan Evaluation: 

  1. Identifying significant changes to business units and critical operating processes 
  2. Reviewing current strategies for reducing risk, reducing impact, recovering computer systems, resuming business operations 
  3. Reviewing and updating Business Continuity requirements 
  4. Auditing the Business Continuity program 
  5. Plan Administration: 
  6. Administering the plan maintenance process 
  7. Centralized versus decentralized administration 
  8. Managing access and dissemination of plan contents 
  9. Generally Accepted Business Continuity 'Best Practices'

Membership

Generally, there are 6 BCI membership grades depending on the students’ exam result and BCP related working experience. When a student completed the exam with PASS grade (at 70%), he/ she will be CBCI definitely. If he/ she has more than 1 year or 3 years BCP experience, after assessment from BCI with payment around GBP120, he/ she will be Associate Member (AMBCI) or Member (MBCI). Notably, same as other professional, CPD is a MUST to retain his/her status. Members can report their experience in the BCI website after creating a member account in BCI website.

Examination

120 MC questions with 70% correct as Pass, and 85% as Distinction. Candidates must have laptop with webcam for examination. The exam vendor will assess candidates’ laptop for system checking before exam.

Business Continuity Course - 20190920MC
Date: 20/9, 27/9, 4/10, 11/10
Time: 19:00 - 22:00pm
Course fee: HK$18,000 (including Exam fee) 

Early-bird: 5% (paid on 17 Sep or before)