“How to do” plus “What to do”

Drawing from the international Business Continuity Standard ISO 22301, the ISO 31000 Risk Management standard, the ISO 22361 Crisis Management Standard, and the ISO 22398 Exercises and Testing standard, we believe this course “BCM-901: Business Continuity and Resiliency Management” is the very best business continuity training offered anywhere in the world.

Learn how to initiate and manage a comprehensive BCMS program—from start to finish! In addition to "best principles", you also learn "best practices" - the practical "how to" develop and maintain an effective Business Continuity Management System. We teach you “what” you need to know plus “how” to do it.

The course covers:
- Pandemic Planning - preparing your firm for the next Coronavirus
- CyberSecurity preparedness
- tools and techniques for conducting risk assessments and business impact analysis
- practical methodologies to design and manage effective continuity plans
- case studies to examine real life situations and their solutions
- guided study and group exercises to apply the lessons learned
- methodologies for creating a plan to support your business in the face of any critical incident.

This course is fully accredited by National Institute for Business Continuity Management (NIBCM).

Completion of this course qualifies participants to write the certification exam to obtain the professional designation of Business Continuity and Resiliency Professional (BCRP).

IBCT has had virtually 100% success preparing course participants for this exam. In the unlikely event that you do not succeed in your first attempt at the exam, IBCT will pay the $ 500 fee for any subsequent attempts.

A typical course participant has less than two years of experience in business continuity planning! They have been ‘volun-told’ into this new role and need to know how to successfully carry out these new duties.

This course is suitable for—and has been used effectively by—every type of organization in the private and non-profit sector and government, from multi-national firms to single proprietorships, and every size between. The techniques and tools we provide are applicable to banking, insurance, manufacturing, health care, pharmaceuticals, telecommunications, federal, state and local government organizations, in addition to international corporations and non-profit agencies.

In addition, participants leave this course with our Diploma in Business Continuity and Resiliency Management.

BCM - 901: Business Continuity and Resiliency Management

This 5-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity and Resiliency Program for business, government and not-for-profit organizations.

This workshop provides practical tools and techniques for creating and maintaining a Business Continuity Management System, and a comprehensive overview and understanding of BCMS, its principles, and methodologies, and best practices with a special focus on ISO 22301, the International Standard for BCM and the Plan-Do-Check-Act management cycle.

The course also enables participants to successfully sit the certification exam for the Business Continuity and Resiliency Professional (BCRP) designation.

Audience

This course is designed for new or experienced BCM practitioners, executives, managers, business continuity planners and business unit staff who are involved with business continuity planning. It is also highly useful for internal and external auditors, security managers, records managers, information technology managers, crisis managers, senior IT staff, administrative heads, and others responsible for the administration of any organization. 

Objectives

At the conclusion of this course, participants should:

• have a solid understanding of the Business Continuity Management lifecycle as it applies to ISO 22301

• know how to prepare their firm properly for the next Pandemic

• have the tools and knowledge required to conduct a Business Impact Analysis and Risk Assessment for their organization

• know how to identify and select cost-effective Business Continuity strategies for key business activities and ITDR

• know how to identify and select cost-effective strategies for key business activities, IT systems, and Cyber Security programs

• be able to guide their business unit personnel through the development of practical and effective business recovery plans

• be able to create an effective Incident Management structure within their organization, including Emergency Response and Crisis Management

• know how to keep their plans current and viable

• know how to plan and coordinate effective tests and exercises

• understand the role of CyberSecurity protocols and incident response

• successfully sit the certification exam for the Business Continuity and Resiliency Professional designation

Topics covered include:

1. Business Continuity Lifecycle Management:

• Evolution of BC Planning and Standards

• Overview of ISO 22301: Plan-Do-Check-Act cycle

• Setting corporate policies, objectives and budgets

• Assigning accountability for the Business Continuity program

• Establishing the Business Continuity teams

3. Crisis Communications

• Communicating proactively with customers, suppliers, and other stakeholders

• Addressing the needs and concerns of employees and their families

• Guidelines for Effective Media Relations—broadcast interviews, print media, news conferences, social media

4. Awareness and Training

• Defining your Awareness and Training Requirements

• Implementing the Program

• Managing the Ongoing Program

5. Business Impact Analysis and Risk Assessment - What threatens your organization?

• Understanding the need for a Business Continuity program

• Defining your organization's Business Continuity requirements

o Conducting a Business Impact Analysis

o Conducting a Business Unit Risk Assessment

6. Identifying and selecting Business Continuity strategies for:

• Mitigating risk

• Reducing impact

• Recovering technologies

• Resuming business operations

• Pandemic Planning & Business Continuity

7. Developing plans for IT Disaster Recovery

• Design an effective information technology (IT) Disaster Recovery Plan to recover critical IT systems, applications, and data

• Determine risks and impacts of disruption to IT infrastructure and Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)

• Establish effective CyberSecurity protocols and incident response procedures

• Initial response and assessment

• Interim contingencies

• Resource provisioning

• Business recovery

• Return to normal

9. Developing a Crisis Management Plan:

• Creating a Crisis Management Team

• Establishing on-site and off-site Command Centers

• Escalating emergencies and activating Business Continuity teams and plans

• Crisis management checklists to help the CMT with ‘crisis project management’

• Decision-making authority

• Coordination with public authorities

• Human resources issues

• Financial control issues

• Legal, contractual and regulatory issues

11. Review of Techniques for Training and Exercising Business Continuity Teams:

• Table Top Exercises

• Simulation Exercises

• Drills

• Operational Exercises

• Mock Disasters

12. Setting Test and Exercise Objectives:

• Planning and Preparation

• Measuring Success and Performance

• Critical Success Factors

13. Review of Techniques for Validating and Maintaining Business Continuity Plans:

• Desk Checks; Peer Reviews

• Structured Walkthroughs

• Standalone Tests; Integrated Tests

• Operational Tests

14. Plan Maintenance:

• Establishing a repository for all plan documentation and procedures

• Implementing a Change Control system

• Administering the maintenance process

• Developing and ensuring compliance with corporate policies and standards

15. Plan Evaluation:

• Identifying significant changes to business units and critical operating processes

• Reviewing current strategies for reducing risk, reducing impact, recovering computer systems, resuming business operations

• Reviewing and updating Business Continuity requirements

• Auditing the Business Continuity program

Typical Agenda for a 5-day Course:

Day 1

INTRODUCTION

Course Handouts: