Exercises
This document contains all the Exercises provided to participants. Answers and
comments specific to instructors are displayed in gray shaded boxes (like this one). If
answers are not provided for an Exercise, it is because there is no right answer for
the questions or tasks; in these cases, instructors should rely on their experience to
respond to participant work.
This document includes instructions for the participant exercises. Each exercise
describes the purpose, directions, and the allotted time for completion.
Keep in mind that there may be more than one correct answer for an exercise. Try to
identify the strongest or most direct answer in each case, and be prepared to
consider, defend, or rebut alternate answers raised during class discussions.
Table of Contents:
Exercises (IG)
BCM02301ENIN V3.1 Mar 2014
Duration:
15 minutes individual work
10 minutes discussion
Directions:
This is a short quiz to establish your knowledge and understanding of ISO 22301 for
the Lead Implementation Course.
Duration:
20 minutes individual work
15 minutes discussion
Directions:
As individuals, using the definitions from ISO 22301 Clause 3, review the terms and
definitions and note which definition belongs to which term. Note the correct letter of
the definition next to the appropriate term.
Term | Definition
Documented Information | A. Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity.
Business Continuity Management | B. Period of time following an incident within which product or service must be resumed, or activity must be resumed, or resources must be recovered
Recovery time objective (RTO) | C. Minimum level of services and/or products that is acceptable to the organization to achieve its business continuity objectives during a disruption
Process | D. Time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity to become unacceptable.
Business continuity plan (BCP) | E. Information required to be controlled and maintained by an organization and the medium on which it is contained
Interested party stakeholder | F. Set of interrelated or interacting activities which transforms inputs into outputs.
Maximum Acceptable Outage (MAO) | G. Effect of uncertainty on objectives
Products and services | H. Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities
Duration:
20 minutes individual work
10 minutes discussion
Directions:
List incidents that lead to disruptions that lead to impacts for your organization.
Duration:
20 minutes individual work
10 minutes discussion
Directions:
Referring to your lecture notes and the course slides, list some internal and external
issues for your organization that could have an impact on business continuity.
Duration:
20 minutes individual work
10 minutes discussion
Directions:
Three examples of possible scope statements for a Certified BCMS for Pacific
Telecom are given below. They're modeled on typical real-life scope statements and
are neither especially good nor bad. Identify the pros and cons of each. When you have
considered these, write a draft scope for your own organization and share it with other
delegates.
Scope Option 1
The management of Business Continuity at Mumbai and Delhi
Pros
Cons
Scope Option 2
The management of the high availability of the Telecom Services provided by
Pacific Telecom from Mumbai
Pros
Cons
Scope Option 3
The management of Business Continuity in Mumbai operations.
Pros
Cons
Duration:
20 minutes individual work
10 minutes discussion
Directions:
This may be a group or single exercise as directed by the instructor. Review clauses
4, 5, 6, and 7 of ISO 22301 and list five or more responsibilities of top management.
Who will be key in your organization to achieving a properly implemented system -
who do you need to gain commitment from? Be prepared to provide your answers
either orally or on a flip chart for class discussion, depending on the instructor's
directions.
Duration:
30 minutes individual work
10 minutes discussion
Directions:
The BCMS Policy gives direction to the BC professionals who will establish and
maintain the BCMS. It's top management's answer to their question, "Why are we
building an ISO 22301 BCMS?"
According to ISO 22301 Clause 5 along with Scope and Interested Parties, comprise
the major content of the Policy.
Assume that the scope has been defined to include the entire company and its
operations, and that the key products and services are:
- Delivery of mobile voice and packet
- Point of interconnect (POI) commissioning
- Maintenance of Servers, Switch and Relay base
- Customer Service
The following three examples of BCMS Policy and Objectives for Pacific Telecom
are neither especially good nor bad. Check whether they meet the requirements of
Clause 5 and identify the pros and cons of each. Then identify three questions you
would ask of top management in order to draft a BCMS policy that meets business
needs beyond "Get the ISO 22301 Certificate."
1. Maintains compliance with relevant laws and regulations in all countries within
which we operate, specifically with regard to telecom protocols.
2. Delivers the premium services to customers to the best of our ability despite
disruptions due, for example, to network failure/congestion or power supply
shortages or even inclement weather.
3. Assesses business impact of disruptions and risks on a continuing basis and
establishes incident management plans and mitigation measures
commensurate with business impact, especially with regard to the company's
reputation for reliable service and integrity of the telecom network.
4. Sets standards for business continuity management that are communicated to
all employees.
5. Sets standards for handling business continuity incidents and weaknesses
such as to minimize their effect on customers, preserve our reputation, and
record actions and decisions taken for future reference.
6. Exercises our incident response structure, incident management and BC
management plans on a regular basis such that our business continuity
arrangements are continually validated.
7. Conforms to the requirements of ISO 22301 and is certified as such.
2. The BCMS defines methods and accountabilities for maintaining legal and
regulatory compliance in all operations despite disruption, especially with
regard to the telecom protocols.
3. The BCMS will be independently certified as conformant to ISO 22301.
4. Business impact analysis and risk assessment will be conducted annually, or
when significant events occur either directly involving Pacific Telecom or our
competitors or the telecom industry in general.
5. The BCMS will be managed by a management team who reports directly to
the Deputy Chairman. All departments and personnel are expected to
co-operate and comply with relevant BCMS procedures: BC is everyone's
responsibility.
6. Business disruptions, or the potential for disruption, must be reported
immediately by phone or in person to a Manager, who will be responsible for
either dealing with the incident or escalating to the Incident Management
Team as appropriate.
7. The BCMS provides means for enabling top managers to assess business
continuity capability across the business on an annual basis. These
assessments are used to evaluate the effectiveness of the system and
establish business continuity budgets and priorities.
Duration:
15 minutes individual work
20 minutes discussion
Directions:
This may be a group or single exercise as directed by the instructor.
Exercise 9: BC Objectives
Purpose:
Determine BC objectives.
Duration:
30 minutes individual work
20 minutes discussion
Directions:
What five main objectives might there be for your organization using the five items to
be achieved? Use the table below to list the five items to be achieved from Clause
6.2.
Objective | Who will be responsible? | What will be done? | What resources will be required? | When will it be completed? | How will the results be evaluated?
Duration:
20 minutes individual work
10 minutes discussion
Directions:
Communications is a very important aspect of a BCMS. Determine five primary
interested parties that should be communicated with in the event of an impact and
what, when, and how they would communicate. Refer back to Exercise 2 and choose
one of the impacts from that list.
Duration:
20 minutes individual or group work
10 minutes discussion
Directions:
Individually or in workgroups as assigned by your instructor:
- Identify at least four key processes, within Clause 8, with their defined inputs
  and outputs, as required by ISO 22301.
- Identify the resources (people, skills, technology, etc.) that would be required
  to implement these processes.
Duration:
75 minutes group work
45 minutes discussion
Directions:
Your instructor will assign you to small workgroups. Conduct the activities below for
your organization. Many of the answers will be the same for all organizations.
Activity 1
Please use ISO 22301 clause 8.2.2 to devise a questionnaire that could be
completed by key managers, supervisors and staff at your organization as an initial
step in the BIA.
As a reference point, the first question is: "Please identify a product or service to
analyze."
In many organizations, the answer to the above question will be defined by the BC
manager and the questionnaire sent to all departments that may be concerned with
supporting it.
Activity 2
In general terms, to whom in an organization should such a questionnaire be
directed?
Who should analyze questionnaire returns and perhaps facilitate further analysis?
Duration:
45 minutes individual work
15 minutes discussion
Directions:
As individuals or as directed by the instructor, assess the risk for PT, specifying risk
criteria and risk appetite.
Duration:
25 minutes individual work
15 minutes discussion
Directions:
As individuals or as directed by the instructor, read through the material below and
follow the directions.
Here are the salient points from Pacific Telecom's BIA, Risk Assessment and
Treatments, relevant to determining its BC Strategy:
- It must be prepared for warehouse failure, or denial of warehouse (e.g.
  through flood, pandemic, electricity failure)
- It must anticipate Switch and Relay failures
- It must expect Point of Interconnect (POI) to fail
- It must be prepared for failure in MSC
- Its priorities are to continue to provide Mobile 3G services as identified in the
  Policy workshop
Please use the guidance in ISO 22313 clause 8 to suggest outline strategies that
meet the requirements of ISO 22301 clause 8.3 for Pacific Telecom and that address
People, Premises, Technology, Information, Supplies and Stakeholders.
Duration:
25 minutes group work
15 minutes discussion
Directions:
Discuss the probable Table of Contents for the IRS Plan within your group and
provide responses as directed by the instructor.
Duration:
15 minutes group work
15 minutes discussion
Directions:
Discuss the following within your group and provide responses as directed by the
instructor:
1. What needs to be measured and monitored?
2. How would your organization go about monitoring and measuring its BCM and
BCMS?
3. How would you ensure that your organization is continuing to meet interested
party, contractual and regulatory requirements?
Review these activities in relation to the Plan-Do-Check-Act cycle.