Measuring Continuity Planning Program. Performance

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Measuring Continuity Planning Program. Performance"

Transcription

1 Measuring Continuity Planning Program Performance Carl B Jackson Director Crisis Management & Continuity Planning Resource Center (CMCPRC) Measuring Continuity Planning Program Performance Session Agenda How an enterprise-wide BCP program should be structured Business Continuity and Crisis Management Process Overview Two approaches to building metrics processes Utilizing and Enterprise Risk Management Approach Value Driver Based Utilizing the ISO Information Security Management System Standards Based Metrics Program Benefits and Recommendations

2 Enterprise-wide BCP Bus. Process Infrastructure & Approach Business Process Focused Risk Management/Analysis/BIA Continuity and Recovery Strategy ebusiness Uptime Requirements Benchmarking/Peer Analysis Metrics Business Process/Function/Unit Recovery Planning/Execution Teams Time-Critical Processing Resource Requirements Plan Development Plan Exercise Quality Assurance Change Management Business (requirements) Continuity Planning (BCP) Continuous Availability Continuous Operations Disaster Avoidance etechnologies Redundancy & Diversity Known Failover and Recovery Timeframes Crisis Management Planning (CM) Continuous Availability Technology and Communications IT Disaster Recovery Planning (DRP). Global Enterprise Crisis Management & Emergency and Response Team(s) Emergency Response Command Center Planning Awareness Training Communications Coordination Technology Infrastructure Recovery Planning and Execution Teams Strategy Implementation Assistance Plan Development Plan Exercise Quality Assurance Change Management Metrics Development Approach 1 - Base metrics on Enterprise Value Drivers

3 Value Drivers Risk Drivers Strategy Capability (most KPIs here) Implement Best Business Practices Manage Growth Drive Innovation Enterprise Risk Management Framework Risks Strategic Operational Stakeholder Financial Intangible Risk Strategy Assess Appetite Prioritize Treatment Approach BCP /EM Legal Risk Functions Internal Audit ERM Crisis Mgmt Risk Management Process Risk Strategy & Assess Appetite Assess Risk Risk Mgmt IT Security Organization Enterprise Risk Committee CRO or ERM Manager Culture Knowledge Mgmt Metrics Training Communication Tools RiskWeb Early Warning System Assessment and Quantification tools Control Cost Allocation of Capital Capability Functions Process Organization Culture Tools Enterprise- Wide Integration Program Strategy Develop Deploy Continuously Improve Treat Risk Monitor & Report Enterprise-wide Integration Strategic Planning Programs/PMO Processes Functions Risk Attributes Lifecycle Individual Portfolio Qualitative Quantitative Examples of Value Drivers Satisfaction Impact on external customers # of customers impacted Duration of impact People Loss/ access to private employee information Workforce endangerment Access to executive information, systems, etc Financial Cost Increase Revenue loss Intangible Proprietary information Damage to brand

4 If you can't measure it, you don't know it Identify/Monitor Identify/Monitor Enterprise Enterprise Value Value Drivers Drivers Financial Financial Increase Increase sales sales 10% 10% Decrease Decrease expenses expenses 8% 8% Increase Increase customer customer privacy privacy Increase Increase customer customer service service efficiency efficiency Metrics Development Process Define Define Metrics Metrics for for Linked Linked Components Components Financial Financial BIA BIA updated updated annually annually BCP BCP quality quality survey survey demonstrates demonstrates percentage percentage increase increase in in awareness awareness service service survey survey demonstrates demonstrates higher higher levels levels of of approval approval wait wait time time decreased decreased by by 13% 13% Define Define Value Value Driver Driver Linkages Linkages to to Program Program Components Components Financial Financial Business Business Impact Impact Assessment Assessment Process Process (drives (drives down down expenses expenses due due to to increased increased BCP BCP efficiencies) efficiencies) Recovery Recovery strategy strategy deployment deployment (redundant (redundant solutions solutions provide provide additional additional bandwidth) bandwidth) Metrics Development Time Line Phase 1/4 Phase 2/5 Phase 3/6 1. Identification of Value Drivers 2. Map Value Drivers to BCP Process Components 3. Develop Qualitative & Quantitative Metrics for linked components 4. Monitor/Modify Value Drivers 5. Map Value Drivers to BCP Process Components 6. Develop Qualitative & Quantitative Metrics for linked components T I M E

5 Metrics Development Method Identify & Define Value Drivers Executive Management motivation data gathering (customer satisfaction, financial, intangible, etc.) Timely business impact assessments are performed The Continuity Planning infrastructure was developed utilizing a methodological approach Emergency Response Procedures are: - Formalized - Address life safety considerations of both employees and outsiders - Located or posted in conspicuous locations throughout each facility - Operating personnel have received training within the past six months -Emergency Response Procedures are tested periodically (at least semi-annually) -Emergency Response actions are coordinated with Civil Authorities, internal facilities management, etc. -Updated at least semi-annually - Auditable and audited with no resulting significant criticisms Categorize Continuity Program Measurement Components Examples could include BCP Lifecycle Components (BIA, Emergency response Procedures, Crisis Management Teams, Documented Plans, Test Plans, Training, etc.) Continuity Program Measurement Criteria Metrics Development Approach 2 Base metrics on commonly recognized standards and practices (ISO for instance)

6 ISO 17799/27001 Scope ISO (should) is an International Standard that provides: recommendations for Information Security Management (133 control objectives) a common basis for developing organizational security standards and effective security management practices confidence in inter-organization dealings an organization cannot get certified against ISO ISO (shall) is an International Standard that provides management guidelines for implementing and managing the 133 control objectives utililizing a coordinated Information Security Management System (ISMS) approach: When properly implemented the ISMS provides auditable and certifiable proof as to the effectiveness of the ISMS and the 133 control objectives ISO assists us in how we manage information security for auditability and certification Base Standards on ISO27001 BCP Requirements ISO27001 Aspects of the Business Continuity Management Program Business Continuity Management Process Business continuity management processes shall be established to ensure uninterrupted of business activities. Business Continuity and Impact Analysis A comprehensive risk management process shall be applied to business processes Writing and Implementing Continuity Plans Business continuity plans shall ensure maintenance or timely recovery of business activities Business Continuity Planning Framework Business continuity plans shall have a single framework to facilitate the testing and review of plans Establish Testing, maintenance, and assessments for business continuity plans

7 ISO27001 BCP Framework Executive Policy Statement (Info Sec, Phy. Sec., BCP, etc.) Business Continuity Program - Charter Business Continuity Program Enterprise Standards/Processes Metrics BCP Program Framework BCP Policy & Charter Governance Scope Roles & Responsibilities Company Objectives The WHY BCP Standards/Processes Baseline Requirements Enterprise-Wide Synergy Repeatable Processes Consistency/Predictability The WHAT Legislative / Regulatory Compliance Executive Management Direction Enterprise-Wide Due Diligence Competitive Advantage ISO Alignment Predictable/Repeatable Industry Best Practices BCP Specifications Operating Area Established Operating Area Maintained Operating Area Defined Metrics The HOW

8 BUSINESS CONTINUITY SAMPLE METRIC CATEGORIES Objective Threshold Transactions Calls Equipment Required People Required Time to Recover Event Assessment BCP Framework - Gap Analysis Gap Analysis Process Same Process as ISMS Alignment with Standards Operating Area Specifications Operating Area Procedures Gap Remediation Critical and Highs Remediation Plans Gap Acceptance Formal Process & Signoffs Measurement Test Objectives vs. Results

9 Benefits of Metrics Can be used to reduce costs (insurance possibly) Can be used as an advantage in the marketplace Provides a map to where process improvement may be needed Provides oversight insight (audit, compliance) Recommendations Think in terms of how do you as a planner get management attention, buy-in and budget? One way is to develop and be measured against a set of metrics. How do you as a Continuity Planner demonstrate the value-add contributions of the enterprise continuity planning business process? Stay out of the weeds Don t focus on IT recovery only THINK Value-add contribution to the business/mission or Adherence to standards through periodic gap analysis. Focus on defining who the stakeholders are (corporations -shareholders, government-the people) What does the key stakeholder value from this organization? Break the BCP process down so we can make operational, manageable, and measurable decisions. Discuss and present in Executive Management terminology.

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus

More information

The Business Continuity Maturity Continuum

The Business Continuity Maturity Continuum The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity

More information

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012 The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why

More information

COMMUNIQUE. Information Technology (IT) Governance Guidance

COMMUNIQUE. Information Technology (IT) Governance Guidance COMMUNIQUE 14-COM-002 July 14, 2014 Information Technology (IT) Governance Guidance The Credit Union Prudential Supervisors Association (CUPSA) has established an IT Risk Working Group to focus on IT governance

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013

Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Chitra Gopalakrishnan Director KPMG LLP Agenda Introduction Business Continuity / Disaster

More information

Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security

More information

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015 Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,

More information

Business Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009

Business Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 Business Continuity Management 101 Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 1 Who is MHA Consulting Who We Are What We Do Leading boutique consulting firm since 1998 Provider of consulting

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

ISO 27001:2005 & ISO 9001:2008

ISO 27001:2005 & ISO 9001:2008 ISO 27001:2005 & ISO 9001:2008 September 2011 1 Main Topics SFA ISO Certificates ISO 27000 Series used in the organization ISO 27001:2005 - Benefits for the organization ISO 9001:2008 - Benefits for the

More information

Plan Development Getting from Principles to Paper

Plan Development Getting from Principles to Paper Plan Development Getting from Principles to Paper March 22, 2015 Table of Contents / Agenda Goals of the workshop Overview of relevant standards Industry standards Government regulations Company standards

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

IT Governance Regulatory. P.K.Patel AGM, MoF

IT Governance Regulatory. P.K.Patel AGM, MoF IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation

More information

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP 2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.

More information

Prudential Standard LPS 232

Prudential Standard LPS 232 Prudential Standard LPS 232 Business Continuity Management Objective and key requirements of this Prudential Standard This Prudential Standard aims to ensure that each life company implements a whole of

More information

Improving Financial Performance, Governance and Compliance

Improving Financial Performance, Governance and Compliance Enterprise Risk Management Improving Financial Performance, Governance and Compliance Through A Structured Approach Experis Finance By: Fred E. Lutzeier National ERM Director Fred.Lutzeier@Experis.Com

More information

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk 2012 The Flynt Group, Inc., All Rights Reserved FlyntGroup.com Enterprise Risk Management and Business

More information

International Diploma in Risk Management Syllabus

International Diploma in Risk Management Syllabus International Diploma in Risk Management Syllabus Module 1: Principles of Risk and Risk Management The aim of this module is to provide an introduction to the principles and concepts of risk and risk management.

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

The Role of Internal Audit In Business Continuity Planning

The Role of Internal Audit In Business Continuity Planning The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information

More information

Managing Risk at Bank of America Corporation. Overview

Managing Risk at Bank of America Corporation. Overview Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Many components can make up the risk management capability; some of the key elements are discussed below:

Many components can make up the risk management capability; some of the key elements are discussed below: Successful Security, Risk and Control Programs from DelCreo, Inc., an Enterprise Risk Management Company DelCreo Enterprise Risk Management Framework Part II Strategic planning is an area that I believe

More information

Il nuovo standard ISO 22301 sulla Business Continuity Scenari ed opportunità

Il nuovo standard ISO 22301 sulla Business Continuity Scenari ed opportunità Il nuovo standard ISO 22301 sulla Business Continuity Scenari ed opportunità Massimo Cacciotti Business Services Manager BSI Group Italia Agenda BSI: Introduction 1. Why we need BCM? 2. Benefits of BCM

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

External Supplier Control Requirements BCM

External Supplier Control Requirements BCM External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

More information

Overview. Emergency Response. Crisis Management

Overview. Emergency Response. Crisis Management Prudential Financial s Preparedness Strategy Overview Emergency Response, Crisis Management, Business Continuation, Technology Disaster Recovery & Health Crisis Preparedness Prudential is committed to

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What

More information

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015 Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...

More information

IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October 2 2008

IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October 2 2008 IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October 2 2008 Jan Duffy, Research Director Industry Insights Agenda About IDC Insights Today s organizational complexities

More information

Enterprise-Wide Risk Assessment

Enterprise-Wide Risk Assessment Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,

More information

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first

More information

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT

More information

MHA Consulting. Business Continuity Management 101

MHA Consulting. Business Continuity Management 101 0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends

More information

Building Competence in Reputation Risk Management

Building Competence in Reputation Risk Management Building Competence in Reputation Risk Management PRSA International Conference 16 October 2012 Linda Locke, Reputare Consulting What keeps you up at night? 2 What keeps your board up at night? Reputational

More information

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

The transformation of IT Risk Management. kpmg.com

The transformation of IT Risk Management. kpmg.com The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help

More information

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining

More information

> State Street. Corporate Continuity Program. Continuity Organizational Structure. Program Oversight

> State Street. Corporate Continuity Program. Continuity Organizational Structure. Program Oversight > State Street An Integrated Approach to Continuity Metrics & Progress Reporting Presented to: Continuity Insights May 2007 Presented by: Chris Glebus Continuity Organizational Structure Executive Management

More information

Enterprise Risk Management (ERM): In Action. January 2010. Co-presented by: Michael Yip, Marsh Risk Consulting Norma Essary, DFW International Airport

Enterprise Risk Management (ERM): In Action. January 2010. Co-presented by: Michael Yip, Marsh Risk Consulting Norma Essary, DFW International Airport January 2010 Enterprise Risk Management (ERM): In Action Co-presented by: Michael Yip, Risk Consulting Norma Essary, DFW International Airport www.marsh.com Discussion Topics Enterprise Risk Management

More information

Business Continuity and Disaster Recovery Policy

Business Continuity and Disaster Recovery Policy Maine State Government Dept. of Administrative & Financial Services Office of Information Technology (OIT) Business Continuity and Disaster Recovery Policy I. Statement The Office of Information Technology

More information

Accreditation Application Forms

Accreditation Application Forms The Institute of Risk Management The Institute of Risk Management Accreditation Application Forms Universities and Professional Associations The Institute of Risk Management Accreditation Application Forms

More information

Meeting FFIEC Requirements: Enterprise-Wide Testing of Your. Business Continuity Plan

Meeting FFIEC Requirements: Enterprise-Wide Testing of Your. Business Continuity Plan Meeting FFIEC Requirements: Enterprise-Wide Testing of Your Business Continuity Plan April 25, 2012 Robin Remines, CBCP, AMBCI Certified Business Continuity Professional The OGO Difference Focus on making

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

Aligning Compliance Program Priorities with Business Objectives

Aligning Compliance Program Priorities with Business Objectives Aligning Compliance Program Priorities with Business Objectives By Jay G. Martin Vice President, Chief Compliance Officer and Senior Deputy General Counsel Baker Hughes Incorporated CAIL Institute for

More information

Risk Assessment & Enterprise Risk Management

Risk Assessment & Enterprise Risk Management Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

Information Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer

Information Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer Information Security Management Systems Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer atsec information security, 2013 ISO/IEC 27001 and related

More information

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT Let me begin by thanking Baruch College for giving me the opportunity to present this year s prestigious Emanuel Saxe Lecture in Accounting.

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

Information Security. Incident Management Program. What is an Incident Management Program? Why is it needed?

Information Security. Incident Management Program. What is an Incident Management Program? Why is it needed? Information Security Incident Management Program What is an Incident Management Program? It is a coordinated program of people, processes, tools and technology, which prevents and manages information security

More information

PRACTICAL APPLICATIONS FOR BUSINESS CONTINUITY MANAGEMENT

PRACTICAL APPLICATIONS FOR BUSINESS CONTINUITY MANAGEMENT Karl D Bryant, MBCP, MBCI, CBCLA, PMP Senior Vice President PRACTICAL APPLICATIONS FOR BUSINESS CONTINUITY MANAGEMENT WWW.CHICAGOLANDRISKFORUM.ORG BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW BUSINESS

More information

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013 State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council

More information

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

White Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview

White Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview White Paper: ISO 22301 Business Continuity Management An Overview ISO 22301 Business Continuity Management An Overview Introduction As incidents such as malicious activism, terrorist attacks and environmental

More information

Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory. Iain Wright Ian Francis, IBM 4 June 2015

Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory. Iain Wright Ian Francis, IBM 4 June 2015 Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory Iain Wright Ian Francis, IBM 4 June 2015 Corporate Challenges in the Development and Implementation of Effective Model Risk

More information

Transforming risk management into a competitive advantage kpmg.com

Transforming risk management into a competitive advantage kpmg.com INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Information Security- Perspective for Management Business Impact Analysis ( BIA ) and Business

More information

IFMA Facility Management Learning System - Table of Contents

IFMA Facility Management Learning System - Table of Contents Competency: Communication Chapter 1: Communication Fundamentals o Topic 1: The Nature of Communication o Topic 2: Effective and Efficient Communication o Topic 3: Cross-Cultural Communication o Topic 4:

More information

Using the Business Continuity Maturity Model To Gain Executive Approval. June 20, 2006

Using the Business Continuity Maturity Model To Gain Executive Approval. June 20, 2006 Using the Business Continuity Maturity Model To Gain Executive Approval Margaret Langsett, Executive Vice President, Virtual Corporation Manfred Heinzlreiter, CBCP, Managing Partner, BR- i.com June 20,

More information

Datacenter Migration Think, Plan, Execute

Datacenter Migration Think, Plan, Execute Datacenter Migration Think, Plan, Execute Datacenter migration is often regarded as a purely technical, almost trivial side-project, to be delivered by existing IT staff alongside their day jobs. With

More information

A BCP Tale: From Theory to Practice

A BCP Tale: From Theory to Practice A BCP Tale: From Theory to Practice Presenter: Gord Novoselnik Problem & Configuration Manager, Enterprise Solutions Division, MTS Allstream Gord.Novoselnik@mtsallstream.com 1 10 Commandments of BCM I.

More information

How to measure your business resiliency

How to measure your business resiliency How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com

More information

www.pwc.com Developing a robust cyber security governance framework 16 April 2015

www.pwc.com Developing a robust cyber security governance framework 16 April 2015 www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October

More information

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk

More information

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com SCADA Business Continuity and Disaster Recovery Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com Business Continuity Planning, a Sound Process A Business Continuity Plan: "A

More information

The Keys to Successful Service Level Agreements Effectively Meeting Enterprise Demands

The Keys to Successful Service Level Agreements Effectively Meeting Enterprise Demands A P P L I C A T I O N S A WHITE PAPER SERIES SYNTEL, A U.S.-BASED IT SERVICE PROVIDER WITH AN EXTENSIVE GLOBAL DELIVERY SERVICE, SUGGESTS SPECIFIC BEST PRACTICES FOR REDUCING COSTS AND IMPROVING BUSINESS

More information

The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II).

The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II). Page 1 of 7 The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II). Domain I provides a solid foundation for the governance of

More information

AGILE. Project OPM3 Portugal. 2014 PM4S. All Rights Reserved. Lisbon, Portugal

AGILE. Project OPM3 Portugal. 2014 PM4S. All Rights Reserved. Lisbon, Portugal AGILE Project OPM3 Portugal 2014 PM4S. All Rights Reserved. Lisbon, Portugal OPM3 Maturity Model OPM3 Knowledge Assessment Improvement Projects Programs Portfolios Organizational Enablers Measures processes

More information

Principles of IT Governance

Principles of IT Governance Principles of IT Governance Governance of enterprise IT focuses on delivering services to support top line growth while moving operational savings to the bottom line. The management of IT services has

More information

AIPM PROFESSIONAL COMPETENCY STANDARDS FOR PROJECT MANAGEMENT

AIPM PROFESSIONAL COMPETENCY STANDARDS FOR PROJECT MANAGEMENT AIPM PROFESSIONAL COMPETENCY STANDARDS FOR PROJECT MANAGEMENT PART F CERTIFIED PRACTICING PORTFOLIO EXECUTIVE (CPPE) JUNE 2014 Version 2.1 DOCUMENT CONTROL Document Information Document Title Release Authority

More information

Matthew E. Breecher Breecher & Company PC November 12, 2008

Matthew E. Breecher Breecher & Company PC November 12, 2008 Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:

More information

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm Mike Brown Senior Vice President, Corporate Audit State Street Corporation Rich Reynolds Partner PricewaterhouseCoopers

More information

IA Metrics Why And How To Measure Goodness Of Information Assurance

IA Metrics Why And How To Measure Goodness Of Information Assurance IA Metrics Why And How To Measure Goodness Of Information Assurance Nadya I. Bartol PSM Users Group Conference July 2005 Agenda! IA Metrics Overview! ISO/IEC 21827 (SSE-CMM) Overview! Applying IA metrics

More information

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management Bridgework: An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management @Copyright Cura Software. All rights reserved. No part of this document may be transmitted or copied without

More information

Control Design & Implementation Week #5 CRISC Exam Prep ~ Domain #4. Bill Pankey Tunitas Group. Job Practice

Control Design & Implementation Week #5 CRISC Exam Prep ~ Domain #4. Bill Pankey Tunitas Group. Job Practice 1 Week #5 CRISC Exam Prep ~ Domain #4 Bill Pankey Tunitas Group CRISC Control Design Domain Job Practice 4.1 Interview process owners and review process design documentation to gain an understanding of

More information

San Francisco International Airport Enterprise Risk Management

San Francisco International Airport Enterprise Risk Management San Francisco International Airport Enterprise Risk Management Mike Warren Airport Risk Manager WHAT IS ENTERPRISE RISK MANAGEMENT (ERM) It is a comprehensive program that focuses on a continuous and sustainable

More information

Portfolio Management Professional (PfMP)SM. Examination Content Outline

Portfolio Management Professional (PfMP)SM. Examination Content Outline Portfolio Management Professional (PfMP)SM Examination Content Outline Project Management Institute Portfolio Management Professional (PfMP) SM Examination Content Outline Published by: Project Management

More information

March 12th, 2009 Chapter Meeting - HIPAA, SOX, PCI, GLBA Presented by LogiSolve

March 12th, 2009 Chapter Meeting - HIPAA, SOX, PCI, GLBA Presented by LogiSolve March 12th, 2009 Chapter Meeting - HIPAA, SOX, PCI, GLBA Presented by LogiSolve HIPAA, SOX, PCI, GLBA...In today's corporate environment, businesses are facing increasing regulation affecting the corporation

More information

Competency Requirements for Executive Director Candidates

Competency Requirements for Executive Director Candidates Competency Requirements for Executive Director Candidates There are nine (9) domains of competency for association executives, based on research conducted by the American Society for Association Executives

More information

3 rd Party Vendor Risk Management

3 rd Party Vendor Risk Management 3 rd Party Vendor Risk Management Session 402 Tuesday, June 9, 2015 (11 to 12pm) Session Objectives The need for enhanced reporting on vendor risk management Current outsourcing environment Key risks faced

More information

Managed services for credit solutions: Driving business value in banking

Managed services for credit solutions: Driving business value in banking White Paper Managed services for credit solutions: Driving business value in banking Business solutions through information technology Entire contents 2005 by CGI Group Inc. All rights reserved. Reproduction

More information

OPTIMAL MANAGEMENT OF PHYSICAL ASSETS PAS 55 COMPLIANCE

OPTIMAL MANAGEMENT OF PHYSICAL ASSETS PAS 55 COMPLIANCE www.ifsworld.com OPTIMAL MANAGEMENT OF PHYSICAL ASSETS PAS 55 COMPLIANCE Michael Blalock Global Industry Director - Energy & Utility IFS GREAT NEWS! FOR IFS ASSET MANAGEMENT CUSTOMERS THE GREAT NEWS...

More information

Enabling Compliance Requirements using ISMS Framework (ISO27001)

Enabling Compliance Requirements using ISMS Framework (ISO27001) Enabling Compliance Requirements using ISMS Framework (ISO27001) Shankar Subramaniyan Manager (GRC) Wipro Consulting Services Shankar.subramaniyan@wipro.com 10/21/09 1 Key Objectives Overview on ISO27001

More information

CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM

CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM A WHITE PAPER CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM AUTHORS: Neil A. Smith, MBCP nsmith24@csc.com Sandra Riddell, MBCI sriddel4@csc.com CSC Papers 2013 ABSTRACT The auditors said

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Business Continuity Planning. Description and Framework. White Paper. Preface. Contents

Business Continuity Planning. Description and Framework. White Paper. Preface. Contents Comprehensive Consulting Solutions, Inc. Business Savvy. IT Smart. Business Continuity Planning White Paper Published: April 2001 (with revisions) Business Continuity Planning Description and Framework

More information

Department of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM)

Department of Veterans Affairs VA Directive 0054. VA Enterprise Risk Management (ERM) Department of Veterans Affairs VA Directive 0054 Washington, DC 20420 Transmittal Sheet April 8, 2014 VA Enterprise Risk Management (ERM) 1. REASON FOR ISSUE: This directive provides guidelines to help

More information

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author

More information

STANDARD. Risk Assessment. Supply Chain Risk Management: A Compilation of Best Practices

STANDARD. Risk Assessment. Supply Chain Risk Management: A Compilation of Best Practices A S I S I N T E R N A T I O N A L Supply Chain Risk Management: Risk Assessment A Compilation of Best Practices ANSI/ASIS/RIMS SCRM.1-2014 RA.1-2015 STANDARD The worldwide leader in security standards

More information

CDC UNIFIED PROCESS PRACTICES GUIDE

CDC UNIFIED PROCESS PRACTICES GUIDE Document Purpose The purpose of this document is to provide guidance on the practice of Quality Management and to describe the practice overview, requirements, best practices, activities, and key terms

More information

May 2011. Wilfrid Laurier University Enterprise Risk Management Draft Final Report

May 2011. Wilfrid Laurier University Enterprise Risk Management Draft Final Report May 2011 Wilfrid Laurier University Enterprise Risk Management Draft Final Report Table of contents Introduction 2 What we heard 8 Risk management current and desired state 20 Operationalizing ERM Opportunities

More information

The silver lining: Getting value and mitigating risk in cloud computing

The silver lining: Getting value and mitigating risk in cloud computing The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations

More information