Course Code BSB60215 Course Name Advanced Diploma of Business Unit Code BSBCON801 Unit Name Establish and review the Business Continuity Management Framework and Strategies Due Date Assessment Name Business Portfolio Part A: Short answer questions Part B: Case study Part C: Project Student No. ________________ Student Name _____________________________ Student Phone ________________ Student Email _____________________________ Student Declaration I declare that this assessment is my own work and where my work is supported by documents from my workplace placement/employer permission has been granted. Note: Filling out this coversheet as part of an electronic submission and approving the above information will operate in the same way as physically signing this cover sheet. Student name or signature: ___________________________________________ Office Use Only Date/s Received: ___/___/___ ___/___/___ ___/___/___ Date/s Assessed: ___/___/___ ___/___/___ ___/___/___ Result of Assessment: ___________ ___________ ___________ Entered on Training Plan Moderation Signature   Course Code and Name: BSB60215 Advanced Diploma of Business Unit Code: BSBCON801 Unit Title: Establish and review the Business Continuity Management Framework and Strategies For this assessment you are required to answer all of the questions. You are permitted to research the answers by reading your text book, theory notes and accessing the internet. If more room is needed label each task with the question number and use headings or dot points to make your work clear for your trainer and assessor. Please follow the Referencing Guide contained on your Course handbook. Please attach a student assessment cover sheet to each unit submission. You must complete the cover sheet in full detail. PART A – REVIEW TERMINOLOGY Research the following TERMS and PHRASES these are linked with your assessment. Attach your definition or explanation to each word. Please remember to Reference. Question 1 a. Accountability b. Management framework c. Dependencies d. Disruptive event e. Interdependencies f. Organisation's current functionality g. Duty of care h. Freedom of information legislation i. Business continuity plan Question 2 Give an overview of the following: Australian/New Zealand Standard AS/NZS ISO 31000-2009 Risk Management Australian/New Zealand Standard Handbook AS/NZS HB221:2004 Question 3 Research 4 relevant legislation and regulations that impact on business continuity Course Code and Name: BSB60215 Advanced Diploma of Business Unit Code: BSBCON801 Unit Title: Establish and review the Business Continuity Management Framework and Strategies Read the following Case Study and answer the questions below: This was a large scale fire that started late at night and created a disaster zone involving a major shopping complex with multiple tenants. What happened? The cause was unknown but the fire spread rapidly through the ceiling to envelop the entire block. Nearby premises were extensively damaged not by fire but smoke & water • Electrical & air-conditioning systems were also destroyed • The whole area was shut down by Fire Services • Security guards were called in by property owners to control access • Staff of businesses affected who tried to visit the site next morning were distraught at what they saw • Media were quickly on the scene to write their stories for next day papers & were looking for any comments What went wrong? 1. The building sprinkler system was activated but did little to stop the fire 2. Most media comments were negative for the businesses involved. There was no mention of crisis and continuity plans to quickly restore business activity 3. One tenant who wanted to be anonymous, said “we don’t know what will happen & this will affect our business massively” 4. No “business as usual” statements appeared in the press for subsequent days What should have happened? 1. The possibility of such a happening should have been foreseen from a simple risk management process involving answers on a) probability, b) severity c) controls 2. Each business should have had a crisis & business continuity plan that had been tested before the event & then relied upon to deal immediately with the crisis 3. Staff should be asked to stay at home & not be allowed to visit the site as distraught staff will only hinder recovery & possibly make emotional statements to press 4. A competent spokesperson should issue a brief and positive message to the media while speculation should not be commented on 5. The existence of adequate insurance should be commented on 6. Alternative premises with adequate resources e.g. computer systems & data back-up should have been considered and resolved in advance of the fire Business Continuity and Disaster Recovery (BCDR or BC/DR) are closely related practices that describe an organisation's preparation for unforeseen risks to continued operations. The trend of combining business continuity and disaster recovery into a single term has resulted from a growing recognition that both business executives and technology executives need to be collaborating closely instead of developing plans in isolation. Questions: 1) From the Case study above, design and develop a Business Continuity and Disaster Recovery Plan to minimise the risk of the above case study happening again. Utilise the following six steps; a) Know your risks- Businesses are at risk from many natural disasters, societal hazards and supply chain disruption. The range of risks includes: bushfire, floods, building fire, criminal activity, staff loss, electrical failure. b) Conduct a business impact analysis - If you follow this step you will know what critical inputs you need to put in place if your business is affected by a structural or natural disaster. This involves: • Identifying your key products and services • Deciding on how long you can stop delivering them • Identifying your critical inputs c) Develop continuity strategies to operate your business- With some forethought you can develop continuity strategies to keep your business operating after a disruption: • cross-training staff and skill-sharing • hiring equipment • borrowing equipment from another business • having back-up equipment • retaining old equipment when it is replaced • practicing manual processes to replace computer systems • identifying alternative suppliers • having records and forms stored off-site • keeping computer back-ups off-site • contracting out • having insurance policies, contracts and other important documents copied and kept off-site • succession planning. d) Identify communication needs- The success of your business continuity plan may depend on ensuring the right people and organisations are contacted quickly. This will ensure you get the help and support you need to maintain your business. Key contacts you need to include: • staff • key customers • insurance company • financial institution • supplier • alternative suppliers • contractors • regulator • hire companies • equipment maintenance companies. e) Be ready to go- Your contingency strategies will be most successful if you practice them regularly. Staff will need to be clear on when your continuity plan is to be deployed and know the triggers to start using it. They are most likely to be able to continue working effectively with your contingency strategies if they have practiced them. It may be helpful to conduct some business continuity exercises. An exercise can be as simple as a discussion about what people would do if a range of situations occurred, such as: • the electricity supply is disrupted for two days • the computer system fails and will be out of service for a number of days • a key supplier closes down at short notice • a number of staff are seriously injured in a car accident and will be off work for months • your building burns down. f) Review your plan- As your business grows and changes you will need to revise your business continuity plan. Review it every six months. Most importantly, check telephone numbers. Remember to keep two copies of your business continuity plan at two different sites in case one is destroyed. Course Code and Name: BSB60215 Advanced Diploma of Business Unit Code: BSBCON801 Unit Title: Establish and review the Business Continuity Management Framework and Strategies “A disaster doesn't have to be a catastrophe if your business is well prepared,” We've witnessed the full range of natural disasters in Australia, from flash flooding to bushfires. Man-made disasters such as virus attacks, accidentally wiping data and power outages can also affect businesses. Having a disaster recovery plan in place is one thing small business owners should consider. What would happen if everything that relied on IT suddenly vanished? Would you have the ability to continue running the business? How long could you do it without IT before it begins to affect performance? It is almost impossible to prepare for the worst but planning is critical to ensure your business has the ability to get through in the worst-case scenario. A Telstra-commissioned survey revealed more than half of all Australian small businesses don't have a disaster recovery plan in place. It indicates about 52 per cent of businesses have not thought ahead and given more consideration towards a disaster recovery plan. When a storm struck the call centre of national delivery company Couriers Please in Homebush, it had no communication links for up to eight days. The storm struck during the Christmas period, one of the busiest times of the year for most businesses. Without any solid indication on when its systems would be back in full swing, the company had to think quickly of how it was going to keep its call centre operations running without affecting customers. "The downpour flooded the exchange pit that holds all of our telecoms," says the chief information officer of Couriers Please, Alistair Alderson. "At the time we thought it was going to be a one- or two-hour outage, nothing to the point of what we were going to be out for. It was hard to make calls on how we would deal with it." The company has other call centres throughout the country in Perth, Brisbane and Melbourne and for the first few hours it was able to flick a switch to divert calls to those centres so they could still be answered, Alderson says. Couriers Please uses a hosted contact centre application called Genesys. "It is all well and good for a short period but if you're talking two to eight days, the customer service kind of gets degraded in those areas as well because those staff can't take on that call volume for a sustained period," Alderson says. "We had to make a call on how we would deal with the NSW area and luckily we had a network connection in our head office and we were able to move hardware and staff there. It kind of saved our bacon a bit. "It's hard to gauge the damage on the business but overall it was a successful disaster recovery plan." Alderson says Couriers Please has about 70 office staff and about 500 contracted couriers who were left without a data connection but were still managing to get bookings and dispatch for jobs in NSW. Please answer the following scenario: You are employed by a small distribution/warehousing organisation in Queensland with 30 staff in various capacities from junior warehouse person to sales manager. Your CEO has been made aware of the above situation and you have been requested to put in place a business continuity management plan to minimise risks associated with loss of IT and communication with staff in the field and customers. You are to include the following: 1. The establishment of a business continuity framework with consultation with staff and management. • Hold meetings with all business units to identify IT usage across the business and existing IT processes. • Develop a BC Plan outlining the following: Objectives: • Develop an IT backup process • Outsource IT storage procedure • Develop IT procedure document • Communicate IT outages procedure to staff 2. A monitoring system to ensure that the business continuity plan is compliant and relevant with scenarios and role plays to enable staff and management to be familiar with the business continuity plan. Develop tools to verify and validate the business continuity management framework. • Training • Communications strategy on the training schedule and processes • Monthly meeting with IT company to review IT backup status 3. Review and evaluate business continuity management framework to update the overall business continuity management framework learning and development exercises, communication strategies and implement changes. • Adjust BC plan as required • Plan B Strategy – set up temporary hire relationship with Supplier and IT storage offsite with outsourced company for security and accessibility • Introduced remote log-in for staff in event of IT downtime • Engage BC specialist to review our BC plan to ensure quality 4. Implement and conduct business continuity management system for auditing purposes for compliance • The organisation should provide for the independent audit of its BCM competence and capability to identify actual and potential shortcomings. • It should establish, implement and maintain procedures for dealing with these. • Independent audits should be conducted by competent persons, whether internal or external.