Transcript Presentation

Business Continuity
Presented by Adele Sands
17 March 2015
The Department of Human
Services
Page 3
The department
provides:
– policy/programme
management, and
– service delivery of
payments on behalf of
the Australian
Government
– for three master
programmes:
• Centrelink
• Medicare
• Child Support
Page 4
Page 5
Page 6
401 service
centres
26 smart centres
38 support or
processing sites
13 Child Support
Call Centres.
ICT
Page 7
DHS delivers $2.8 billion each week into the
Australian economy.
Assistance to the aged
People with disabilities
Assistance to the unemployed and the sick
Assistance for Indigenous Australians
Assistance to veterans and dependants
Assistance to families with children
Other welfare programmes
General administration
$148 billion per annum
around 11% of Australia’s GDP
We have to be smart in our
delivery of Business Continuity
Page 8
The First Round –
lessons learnt
Page 10
2012 - A change in BCM
This resulted in:
• a top down approach
• BCPs ONLY required for critical
functions, assessed by:
– MTPD is five days or less
– the department would incur a major or
extreme consequence within this time
Page 11
Complexities
Considering the size and complexity of the
department, the new process resulted in:
• confusion
• never ending questions regarding the
different variables
• “Why’s” and “What if’s”
• frustration regarding duplication of work
The BCM Review –
Accountability vs.
Service Delivery vs.
Service Continuity
Page 13
Accountability
The policy or programme divisions are
always ACCOUNTABLE for the function.
They:
• are (usually) not responsible for service
delivery
• are not responsible for the service
continuity of the enabling ICT systems
Page 14
Accountability
• provide intelligence around associated
service level agreements or legislative
requirements
• incident manage disruptions to the
delivery of the function
• liaise with and relationship manage key
stakeholders
• as function “owners”, are best placed to
determine RTOs and MTPDs
Page 15
Service Delivery
• The department’s Service Delivery
Operations Group is responsible for the
SERVICE DELIVERY of the majority of
critical functions
• Service delivery is performed via
multiple channels, from different sites all
across Australia
Page 16
Service Delivery
• Some functions are delivered from
multiple sites and are able to be easily
shifted around depending on the type of
disruption
• In the above situation there is no need to
obtain detailed information on staffing
resources
Page 17
Service Delivery
• If a function is identified as being
delivered from four or less sites, it is
classified as high risk
• High risk = more thorough analysis of
resource dependencies
Page 18
Service Continuity
• The department’s CIO group is
accountable and responsible for the
SERVICE CONTINUITY of enabling ICT
systems
• The BIA captures critical ICT
dependencies and single points of failure
for ALL critical functions
• This information is presented to the ICT
BC team
Page 19
Service Continuity
The ICT BC team will then:
• identify the responsible ICT teams
• analyse existing service continuity
arrangements, including the capability
to:
Protect ~ Detect ~ Respond ~ Recover
• identify and report on gaps
Page 20
Accountability
Accountability
Critical
Function
Service Continuity
Resource Availability
of
(ICT Programme)
Resource
Critical
Function
CORE
CRITICAL
FUNCTION
Service Delivery
Incident/Programme
Management
of
Critical Function
Outer Circle
Inner Circle
Function is only critical when the core function is disrupted
Function is always critical
Page 21
Improvements
• Review and update templates
• Develop informative guides on different
aspects of the process
• Develop step-by-step process
documents to ensure transparency, and
to provide assurance that staff deliver
the programme consistently = data
integrity
Page 22
Improvements
• Develop pre-populated templates for
frequently used continuity procedures
Having this work already prepared has
streamlined the process, resulting in
efficiencies and improved focus on
strategic aspects.
The Second Round of
BIA/BCPs –
Strategic Focus
Page 24
Strategic Focus
Business continuity management for the
department now takes a more strategic
approach with:
• improved and streamlined guides and
templates
• a greater focus on identifying
vulnerabilities and single points of
failure
Page 25
Strategic Focus
This enables us to:
1. Report significant risks to:
• our accountable executive level staff
• our risk management section
• our governance committee
2. Inform service delivery divisions of the
criticality of the functions they deliver
Page 26
Strategic Focus
3. Provide intelligence to response and
recovery committees about incidents
impacting DHS Canberra sites
4. Provide intelligence to service delivery
zones about functions delivered within
their geographical footprint
Page 27
Strategic focus
5. Inform ICT of the systems that support
critical functions
ICT can then work to ensure that these
systems have appropriate service
continuity measures in place to support
their availability and performance.
Questions?