Business continuity maturity model
14th May 2009 Neil O’Connor
Introduction
• The Cabinet Office has issued an IA Maturity Model (IAMM) for public sector bodies to assess the maturity of their Information Assurance (IA) management. This addresses key IA concerns such as the confidentiality of information, and in particular the protection of personal information, but does not address Business Continuity in sufficient depth.
• The Business Continuity Maturity Model (BCMM) addresses this, and provides a means to assess the development of Business Continuity Planning (BCP) within an organisation.
• It is based upon:
  • The Cabinet Office IA Maturity Model (IAMM)
  • BS 25999-1:2006 Business Continuity Management Part 1 Code of Practice
  • BIP 2143:2008 Exercising for Excellence: Delivering a Successful Business Continuity Management Exercise
• It allows an organisation both to choose a target level of maturity and to assess its progress towards achieving it
IA Maturity Model Processes
Embedding Information Risk Management Culture Within Organisation
Implementing Best Practice IA Measures
Effective Compliance
• Leadership & Governance
• Training, Education & Awareness
• Information Risk Management
• Through-Life IA Measures
• Assured Information Sharing
• Compliance
IA Maturity Model Levels
Level 1 – Initial
• Awareness of the Criticality of IA to the Business and Legal Requirements
• IA Processes are Institutionalised
• IA Processes are implemented in Critical Areas of the Business
• The Number of Corporate Exceptions to Implementing IA Processes is Known and Reported
• Responsive IA Processes are integrated as Part of Normal Business
Level 2 – Established
Level 3 – Business Enabling
Level 4 – Quantitatively Managed
Level 5 – Optimised
BC Maturity Model Processes
Embedding Business Continuity Management Culture Within Organisation
Implementing Best Practice BC Measures
Effective Compliance
• Leadership & Governance
• Training, Education & Awareness
• Business Continuity Management
• Developing and Implementing a BCM Response
• Exercising, Maintaining and Reviewing BCM
• Compliance
BC Maturity Model Levels
Level 1 – Initial
• Awareness of the Criticality of BC to the Business and Legal Requirements
• BC Processes are Institutionalised
• BC Processes are implemented in Critical Areas of the Business
• The Number of Corporate Exceptions to Implementing BC Processes is Known and Reported
• Responsive BC Processes are integrated as Part of Normal Business
Level 2 – Established
Level 3 – Business Enabling
Level 4 – Quantitatively Managed
Level 5 – Optimised
BC Leadership and Governance
Level 1 – Initial
• Main board recognition that BC is an integral requirement of corporate governance
• Main board commitment to effective BC promulgated in a top level policy statement
• Main board member responsible for Business Continuity Management (BCM)
• Each business area has a person responsible for BCM
Level 2 – Established
• Main board members understand and accept their responsibility for the effective implementation of BCM across the organisation
• Endorsed BC Strategy
• Effective Business Continuity Management regime established
Level 3 – Business Enabling
• Main board exercising due diligence with regard to the effective discharge of BCM within the organisation
• Main board members are proactively engaged in leading and championing BCM within the organisation
Level 4 – Quantitatively Managed
• Main board monitors progress towards embedding BC policy within the organisation
• The need to assure continuity of the business is fully embedded within the organisational culture and is subject to a regime of improvement
Level 5 – Optimised
BC Training, Education and Awareness
• There is a programme of annual BC awareness training
Level 1 – Initial
Level 2 – Established
• All staff undergo annual BC...