BCMS Awareness Training. National Development Bank PLC June 2023.
Objective. 01. To provide basic knowledge of the importance of a Business Continuity Management System (BCMS) and the steps that need to be followed to ensure the bank's ability to continue operating its critical functions and services in the face of disruptive events or disasters.
What is Business Continuity Management System (BCMS).
Introduction to Business Continuity Management System.
Interested Parties / Stakeholders. Customers. Regulatory Authorities.
Importance of BCMS. 03. Classification: Internal.
02 Protection of shareholder value.
03 Improved understanding of the business as gained through risk assessment and mitigation.
04 Operational resilience that results from implementing risk mitigation.
05 Reduction in downtime when alternative processes and workarounds are identified.
07 Compliance issues which will be identified and managed for alternative processes.
Business Continuity Plan & Disaster Recovery Plan.
Business Continuity and Disaster Recovery Plan. BCP & DRP.
Disaster Management Phases (Execution). Pre-Incident.
ISO 22301 Certification. 05.
ISO 22301 is an International Standard for implementing and maintaining effective business continuity plans, systems and processes.
Advantages of Certification. Independent check of conformity to ISO 22301:2019 by a certification body.
ISO 22301:2019 Certification Process. Implementation of BCMS.
Importance of following BCMS. 06.
By following the established procedures and protocols, employees can mitigate risks, evacuate safely if necessary, and respond appropriately to emergency situations.
Responsibility as an employee adhering to BCMS. 07.
Following established procedures and guidelines for business continuity.
Roles and Responsibilities.
Role: BCSC (Business Continuity Steering Committee) – IT Department. Responsibility: Ensure that the BCMS is operationalized in the IT Department. (Detailed description can be found in the NDB-BCMS-PR-001-Business Continuity Roles and Responsibilities)
Role: Chief Information Officer (CIO/VP). Responsibility: Serves as the focal point for deciding on all IT Business Continuity issues. (Detailed description can be found in the NDB-BCMS-PR-001-Business Continuity Roles and Responsibilities)
Role: ITBCMT (IT Business Continuity Management Team). Responsibility: Developing and implementing strategies and plans to ensure the bank's critical IT business functions can continue during and after a disruption or crisis. (Detailed description can be found in the NDB-BCMS-PR-001-Business Continuity Roles and Responsibilities)
Role: ITBCM (Business Continuity Manager). Responsibility: Ensuring that the organization's IT infrastructure and systems can continue to operate during and after a disaster event. (Detailed description can be found in the NDB-BCMS-PR-001-Business Continuity Roles and Responsibilities)
Role: ERT (Emergency Response Team). Responsibility: Provide rapid and effective response during emergency situations. (Detailed description can be found in the NDB-BCMS-PR-006-Disaster Recovery Procedure)
Role: DRT (Disaster Recovery Team). Responsibility: Restore and recover IT systems and infrastructure after a disruptive incident. (Detailed description can be found in the NDB-BCMS-PR-006-Disaster Recovery Procedure)
Role: SCT (Service Continuity Team). Responsibility: The composition of the team will be decided by the ERT and should consist of financial and management leads, along with technical experts. (Detailed description can be found in the NDB-BCMS-PR-006-Disaster Recovery Procedure)
Role: IT Staff. Responsibility: Adhere to the BCMS policies and procedures.
Examples of disruptive events. 08.
Example 1 – Signs of a ransomware attack. All of these could be signs of a ransomware attack.
Actions to be taken during a ransomware attack. You are required to call the Helpdesk department to report any IT-related issues you are facing, and the Helpdesk team will open a ticket for you.
Example 2 - Actions to be taken during a pandemic situation.
THANK YOU.