How to measure your business resiliency

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "How to measure your business resiliency"

Transcription

1 How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic

2 Abstract Business Continuity Management is the process, not just a one-time project activity. In order to control the alignment between the BC plans and business as usual as well as synchronize the changes, it is required to setup the scorecard based measurement process. The set of KPI's and KRI's is aimed to visualize the maturity of BCM, risk vs. lost metrics and level of protection mechanisms against the business requirement. I will present the business resiliency scorecard framework with special focus on the methods of data gathering and integration with IT infrastructure landscape.

3 Agenda Why to measure? What to measure? How to gather data? How to present results? How to do it in practical way? Key takeaways

4 KPI primer KPI/KRI fundamentals Key performance indicator(kpi) is a measure of performance, commonly used to help an organization define and evaluate how successful it is, typically in terms of making progress towards its long-term organizational goals. Key Risk Indicators Measures are used to indicate how risky an activity is. KRI give us an early warning to identify potential event that may harm continuity of the process From row data to metrics Details raw information Metrics are refined data KPIs are metrics with businesscontext Business context makes security relevant A Key Performance Indicator Must be something that can be measured and continued to be measured Must be precise, meaningful and understandable Must be relevant to the business May be required by legislation and/or Regulations Must have a measurement index that has meaning Should be tied to the organization s vision and strategy

5 Why to measure? You can control only the things you can really measure To understand the overall readiness level of your company To plan and assess the risk based on the statistic and past experience Executives love metrics and dashboards. Always time-constrained, they ask for metrics that can be reviewed at a glance Money talks - especially when you speak with your CFO C-level managers are used to percept from KPI s- give it to them Justify your security investments based on the measurable objectives The KPIs can be used to help comply with legislative or regulatory requirements

6 What to measure? Recoverability Planning Compliance Technology BC project Can our organization be recovered within our tolerance for downtime? Status and results of planning activities Regulatory and audit point of view What are the IT risks and Disaster Recovery capabilitets? Project management based reporting Incidents statistic How did we react? Testing execution times vs. RTO requirements BIA overview Risk assessment results Processes covered by BCP BCM Maturity Compliancy level Risk assessment results IT infrastructure IT services SLA Service Desk Business RTO/RPO vs. technology capabilities Milestones passed Financial spent FTE effort Work (time/mdto complete Overdues Minimum operational teams

7 BIA overview Tactical view on the BIA requirements # of Department- Business Impact Analyses vs. Total Expected # of Department- Table Top Exercises Completed vs. Total Expected # of Supplier Business Continuity Assessments Completed vs. Total Number of Critical Suppliers Ten top processes (based on criticality score) Most critical assets RTO/RPO distribution Estimated financial loss overt time Example BIA dashboard (BCMLOGIC.COM software suite)

8 BIA per business unit Tactical view on the BIA requirements defined at the level of each business unit Financial impact over time Time wise One day stop Reputation impact Formal and Legal impact Number of scenarios affecting the business unit Required assets (MAC) Minimum operational team vs. total unit headcount Critical processes vs. all processes handled by unit Radar chart allows to visualize benchmarking Business Unit X Criticality Business Process BIA Updated Plan Updated Tested 1 Call Center customer support Yes Yes Yes 2 Accounts Payable Yes No No 1 Liquidity managment No No No Criticality Business Process Business Unit X Recovery Objective Recovery Capability (based on most recent test) 1 Call Center customer support 4 hours 8 hours 4 hours 2 Accounts Payable 2 hours 1 hour 1 hour 1 Liquidity managment 2 days 2 days 0 Gap

9 BIA per business process Criticality level defined for each process Prioritize the BC process list based on: Business impact when interrupted Vulnerability of underlying assets Risk level Rank processes criticality among different business units/ entities

10 Impact High Risk assessment/ Risk appetite Defined scenarios are depicted based on the probability and impact Example scenarios Main office building unavaliabilkyt Data Center outage Example scenarios Data Center AC failure WAN link down PLAN ACCEPT AVOID/ ELIMINATE MONITOR Example scenarios Short power outage Modarate staff absence Example scenarios IT infrastructure production load pick performance downgrade Low Probability High

11 Readiness level BCM management objective Proper crisis situation management (incident management, start-up and implementation of the recovery tasks) Eliminating the potential effects of process interruption Providing processes resume after the crisis situation Continuous development and improvement of BCM Example KPI Number of reported incidents The ratio of the risk response plans for scenarios of potential threats Number of incidents that were not closed before crossing the processes RTO that are related to. Incidents can be divided into: - incidents that concerned the processes associated with financial impact - incidents that concerned the processes associated with reputation impact - incidents that concerned the processes associated with law impact The ratio of recovery tasks completed successfully for all recovery tasks Number of performed BCM tests The ratio of the number of BCM plan tests completed successfully for all BCM plan tests at this time Number of risk which probability or potential impact was reduced after implementation BCM corrective tasks To report the progress of BCP project: How many process have contingency measures How many scenarios are planned How many solutions tested

12 IT services management Monitor and visualize critical service conditions Example BIA dashboard (CONTINUITYSOFTWARE.COM)

13 Example KPIs Typical examples of BC KPIs that can be included in a BC Policy Document: Level of disruption response/recovery time Time to detect disruptions Time to trigger action to disruption events Time to complete recovery action Time to declare `business as usual' Level of business continuity testing/exercising/audit Level of service delivery and quality acknowledgement by clients? Level of knowledge of business continuity awareness/acceptance/culture Level of availability and/or knowledge of alternative fall-back to critical resources (human/ technical/ location) Level of effectiveness of Service level agreements

14 Effectiveness of Investment KPIs can be used to measure the Effectiveness of Investment (EOI) A Return on Investment (ROI) for business continuity is difficult to measure since risk, and especially risk reduction, is challenging to quantify in terms of money The Effectiveness of Investment (EOI) could be the comparison of the effectiveness of the resiliency measures with the value of the investment Proper KPI/KRI reporting may also provide a financial institution the ability to reduce the percentage of reserve required to offset operational risk defined by the Basel II, Solvency High Cost Equilibrium Loss Risk Low Protection High

15 How to gather data? Methods Retrieve information from IT systems Data base interface (direct or ETL) API Gather information from people Automated forms workflow (reporting) Sources Service Desk system (incidents, time to resolve) IT infrastructure monitoring (alerts, up/downtime, service level) BPM (process effectiveness) PMO (project reporting) Call Center People (line managers)

16 How to visualize? The reporting mechanism must support three purposes Highlight or alert whether business expected targets are being not met Provide trending and an overview of performance indicators Provide details that pinpoint which areas within each performance indicator require actions

17 KPI reporting audience Each audience may require different information and different presentation C-level Managers Business units IT Value at Risk Complikancy level BC scope and cost Business continuity events IT service availability E2E process SLA Customer service level Customer service downtime IT infrastructure failures MTTR RTO /RPO DR testing Critical services incidents The level of aggregation and or abstraction required may vary considerably You may not want to talk about number of backup site workstations to the Chairman of the Board! Don t assume that the higher the level, the simpler the presentation

18 How to do it in practical way? Define (smart) KPI Identify the KPI stakeholders (RACI) Understand where information resist Leverage the available data to link the KPIs to other key operational metrics that include both technology and process metrics Integrate with other systems and applications Use existing reporting capabilities to establish periodical reporting You can use MS Excel or one of the specialized tools Share the information across the organization Make the KPIs actionable

19 KPI reporting mistakes Lack of management commitment Measuring too much, too soon Measuring too little, too late Measuring the wrong things Imprecise KPI definitions Using KPI data to evaluate individuals Using KPI to motivate, rather than to understand Collecting data that is not used Lack of communication and training

20 Key takeaways 1. Define measurable objectives of the BCM process 2. Utilize existing data sources 3. Learn from the past 4. Align the results presentation to the audience 5. KPIs can be used to help comply with legislative or regulatory requirements

21 Questions

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Measuring The Value of Information Security. Maninder Bharadwaj manbharadwaj@deloitte.com 23 th July 2011

Measuring The Value of Information Security. Maninder Bharadwaj manbharadwaj@deloitte.com 23 th July 2011 Measuring The Value of Information Security Maninder Bharadwaj manbharadwaj@deloitte.com 23 th July 2011 Current Challenges Organisations are facing In many service organizations, clients realize that

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Solving the Business Continuity Puzzle

Solving the Business Continuity Puzzle Solving the Business Continuity Puzzle Chris Copeland Assoc. Business Continuity Professional (ABCP) January 11, 2011 Session Overview Topics we will cover today: 1. Defining Business Continuity (BC) &

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data CRISC Glossary Term Access control Access rights Application controls Asset Authentication The processes, rules and deployment mechanisms that control access to information systems, resources and physical

More information

Preparing for the Convergence of Risk Management & Business Continuity

Preparing for the Convergence of Risk Management & Business Continuity Preparing for the Convergence of Risk Management & Business Continuity Disaster Recovery Journal Webinar Series September 5, 2012 2012 Strategic BCP, Inc. All rights reserved. strategicbcp.com 1 Today

More information

MHA Consulting. Business Continuity Management 101

MHA Consulting. Business Continuity Management 101 0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends

More information

External Supplier Control Requirements BCM

External Supplier Control Requirements BCM External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet

More information

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com SCADA Business Continuity and Disaster Recovery Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com Business Continuity Planning, a Sound Process A Business Continuity Plan: "A

More information

Business Continuity Planning. Presentation and. Direction

Business Continuity Planning. Presentation and. Direction Business Continuity Planning Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180 20 th Avenue Whitestone, NY 11357 Phone: (718) 591-5553 Email: bronackt@dcag.com

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

The Business Continuity Maturity Continuum

The Business Continuity Maturity Continuum The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

Table of Contents... 1

Table of Contents... 1 ... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Information Security- Perspective for Management Business Impact Analysis ( BIA ) and Business

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Version 1 approved by SMG December 2013 Business Continuity Policy Version 1 1 of 9 Business Continuity Management Summary description: This document provides the rationale

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

Overview TECHIS60851. Manage information security business resilience activities

Overview TECHIS60851. Manage information security business resilience activities Overview Information security business resilience encompasses business continuity and disaster recovery from information security threats. As well as addressing the consequences of a major security incident,

More information

Business Continuity / Disaster Recovery Context

Business Continuity / Disaster Recovery Context Capability Business Continuity / Disaster Recovery Context What is Business Continuity? The Business Continuity Program Life Cycle Copyright: Virtual Corporation, 1994 2006 Modified U.S. DoD Graphic Normal

More information

> State Street. Corporate Continuity Program. Continuity Organizational Structure. Program Oversight

> State Street. Corporate Continuity Program. Continuity Organizational Structure. Program Oversight > State Street An Integrated Approach to Continuity Metrics & Progress Reporting Presented to: Continuity Insights May 2007 Presented by: Chris Glebus Continuity Organizational Structure Executive Management

More information

Business Continuity in Healthcare

Business Continuity in Healthcare Business Continuity in Healthcare Cynthia Simeone, CBCP, PMP Director Business Resilience Catholic Health Initiatives Scott Ream President Virtual Corporation 1 Session Speakers Cynthia Simeone, CBCP,

More information

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager Part two of a two-part series. If you read my first article in this series, Building a Business Continuity Program, you know that

More information

ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance

ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance The Impact of ISO 22301 Moving Your BCM Program to a Management System Implementing the Newly Approved International Business Continuity Management System Standard & Guidance Documents ISO 22301: Societal

More information

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY INTRODUCTION Information security has evolved. As the landscape of threats increases and cyber security 1 management becomes

More information

Contents. About Perpetuuiti. Continuity Vault. Continuity Patrol. Ops Central. Questions & Answers. Section 2. Section 3. Section 4.

Contents. About Perpetuuiti. Continuity Vault. Continuity Patrol. Ops Central. Questions & Answers. Section 2. Section 3. Section 4. Contents Section Agenda 1 About Perpetuuiti Section 2 Continuity Vault Section 3 Continuity Patrol Section 4 Ops Central Section 5 Questions & Answers About Perpetuuiti Realising gaps in availability management,

More information

University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1

University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1 University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems. 1 Michigan Administrative Information Services (MAIS) MAIS is responsible for the production support of

More information

September 10, 2012. Determining Which Metrics to Gather. Selecting Your Business Continuity Metrics Tool Belt & Mapping Your Metrics Game Plan

September 10, 2012. Determining Which Metrics to Gather. Selecting Your Business Continuity Metrics Tool Belt & Mapping Your Metrics Game Plan All About Business Continuity Metrics Agenda Business Continuity Metrics 101 Determining Which Metrics to Gather Selecting Your Business Continuity Metrics Tool Belt & Mapping Your Metrics Game Plan Superpowered

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Desktop Scenario Self Assessment Exercise Page 1

Desktop Scenario Self Assessment Exercise Page 1 Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking

More information

ITSM Maturity Model. 1- Ad Hoc 2 - Repeatable 3 - Defined 4 - Managed 5 - Optimizing No standardized incident management process exists

ITSM Maturity Model. 1- Ad Hoc 2 - Repeatable 3 - Defined 4 - Managed 5 - Optimizing No standardized incident management process exists Incident ITSM Maturity Model 1- Ad Hoc 2 - Repeatable 3 - Defined 4 - Managed 5 - Optimizing No standardized incident process exists Incident policies governing incident Incident urgency, impact and priority

More information

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis Application / Hardware - Business Impact Analysis Template The single most important thing we can do is help you understand the criticality of each application, supporting hardware/server/pc and the required

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

The Importance of Performance Metrics in Business Continuity Paul Kirvan, FBCI, CISA

The Importance of Performance Metrics in Business Continuity Paul Kirvan, FBCI, CISA The Importance of Performance Metrics in Business Continuity Paul Kirvan, FBCI, CISA BCM Advisory Services Board Member and Secretary The Business Continuity Institute USA Chapter Agenda Introduction Key

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

Metrics That Matter Supporting IT Decision and Strategy at the Senior Executive Level

Metrics That Matter Supporting IT Decision and Strategy at the Senior Executive Level Metrics That Matter Supporting IT Decision and Strategy at the Senior Executive Level Randy Steinberg Migration Technologies January 23, 2012 Inc. Pittsburgh itsmf Local Interest Group LIG Name goes here

More information

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What

More information

Stepping Through the Business Continuity Plan Audit

Stepping Through the Business Continuity Plan Audit Stepping Through the Business Continuity Plan Audit Doug Menendez Graybar Electric Company Presentation to MidAmerica Contingency Planning Forum February 16, 2012 Introduction Whether it is from internal

More information

Guideline - Business Continuity Plan

Guideline - Business Continuity Plan Guideline - Business Continuity Plan 1. Introduction: The Business Continuity Plan is a component of the Risk and Business Management suite. This suite includes: Risk Management including risk registers

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

Business Continuity Management Program Development Guide

Business Continuity Management Program Development Guide Business Continuity Management Program Development Guide Prepared by The NS Emergency Management Office, Winter 2012 Version 1.1 Page 2 of 24 Document Revision History Date Author Revision Notes Fall 2011

More information

Getting Your Business Back

Getting Your Business Back Getting Your Business Back Pulling Together Business Continuity, Crisis Management and Disaster Recovery Many organizations have a program (or programs) in place to keep operations going (or to resume

More information

D2-02_01 Disaster Recovery in the modern EPU

D2-02_01 Disaster Recovery in the modern EPU CONSEIL INTERNATIONAL DES GRANDS RESEAUX ELECTRIQUES INTERNATIONAL COUNCIL ON LARGE ELECTRIC SYSTEMS http:d2cigre.org STUDY COMMITTEE D2 INFORMATION SYSTEMS AND TELECOMMUNICATION 2015 Colloquium October

More information

Disaster Recovery Journal Spring World 2014

Disaster Recovery Journal Spring World 2014 Disaster Recovery Journal Spring World 2014 What works: Services and service supply chain business continuity risk management Don Hall, CBCP, Cisco Services Business Continuity Analyst Cisco Systems, Inc.

More information

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Business Continuity Management Software

Business Continuity Management Software Business Continuity Management (BCM) Software 1 Business Continuity Management Software All In One Continuity Management Solution A Single Platform Approach Manage entire lifecycle with comprehensive BC

More information

ITSM Process Maturity Assessment

ITSM Process Maturity Assessment ITSM Process Maturity Assessment April 2011 Prepared by: Brian Newcomb TABLE OF CONTENTS Executive Summary... 3 Detailed Assessment Results and Recommendations... 5 Advisory Group Survey Results (External

More information

THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE

THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE When it comes to building a business continuity management (BCM) program that s complete, current, and compliant, there is no substitute for

More information

Business Continuity Overview

Business Continuity Overview Business Continuity Overview Beverley A. Retjos Senior Manager WW SWG Security & Controls 03/12/07 Business Continuity Management (BCM) Process of ensuring that a business is prepared to survive any disruption

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

DISASTER RECOVERY PLANNING GUIDE

DISASTER RECOVERY PLANNING GUIDE DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

Factonomy Resilience. Enterprise Business Continuity

Factonomy Resilience. Enterprise Business Continuity Factonomy Resilience Enterprise Business Continuity BIA Wizard and Questionnaire: A highly configurable tool that will fit any methodology. BIA Surveys and Templates The Business Impact Analysis module

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University Competitive Leadership- Twelve Principles For Success Brian Billick Chapter 3 Be Be Prepared The time

More information

Disaster Recovery Plan The Business Imperatives

Disaster Recovery Plan The Business Imperatives Disaster Recovery Plan The Business Imperatives Table of Contents Disaster Recovery Plan The Business Imperatives... 3 Introduction... 3 A Disaster Recovery Program The Need of the Hour... 3 Approach to

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Using the ITSM Metrics Modeling Tool

Using the ITSM Metrics Modeling Tool Using the ITSM Metrics Modeling Tool ITSM Metrics Model Tool Overview The ITSM Metrics Model is a simple spreadsheet tool that can be used for a variety of measurement and reporting purposes. The model

More information

Enterprise Risk Services. Aware vs. committed where do you stand? Business continuity management

Enterprise Risk Services. Aware vs. committed where do you stand? Business continuity management Enterprise Risk Services vs. committed where do you stand? Business continuity management Business continuity management 1 Contents here Initial findings from the Deloitte 1 Global Business Continuity

More information

Aligning Disaster Recovery and Business Continuity to Business Objectives. Session E7 John Jackson Fusion Risk Management, Inc.

Aligning Disaster Recovery and Business Continuity to Business Objectives. Session E7 John Jackson Fusion Risk Management, Inc. Aligning Disaster Recovery and Business Continuity to Business Objectives Session E7 John Jackson Fusion Risk Management, Inc. Topics Business Drivers Resilience Defined Your RPO is zero (or close to it!)

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

eet Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry Power and Utilities Fact Sheet

eet Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry Power and Utilities Fact Sheet Power and Utilities Fact Sh Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry A holistic approach to business resiliency and disaster recovery

More information

The Difference Between Disaster Recovery and Business Continuance

The Difference Between Disaster Recovery and Business Continuance The Difference Between Disaster Recovery and Business Continuance In high school geometry we learned that a square is a rectangle, but a rectangle is not a square. The same analogy applies to business

More information

Business Continuity Management Emerging Trends

Business Continuity Management Emerging Trends Business Continuity Management Emerging Trends Presentation Title Goes Here Samir Shah CA, CISA, DISA, CIA, CISSP, CFE, ISO 22301 LI Associate Director Axis Risk Consulting March 2013 Outline 2 1. Business

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

The ABC s of BCP. Jeremy Sucharski Governance Risk and Compliance G31

The ABC s of BCP. Jeremy Sucharski Governance Risk and Compliance G31 The ABC s of BCP Jeremy Sucharski Governance Risk and Compliance G31 Jeremy Sucharski, CISA, CRISC Over 12 years of experience CISA and CRISC Certifications Governance, Risk and Compliance Practice Leader

More information

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond

More information

Protecting your Enterprise

Protecting your Enterprise Understanding Disaster Recovery in California Protecting your Enterprise Session Overview Why do we Prepare What is? How do I analyze (measure) it? What to do with it? How do I communicate it? What does

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy

More information

Tips and techniques a typical audit programme

Tips and techniques a typical audit programme Auditing Business Continuity Planning Tips and techniques a typical audit programme Karen Wills, Senior Internal Auditor St James s Place Wealth Management February 2014 Contents Background Roles and Responsibilities

More information

Presented By: Leah R. Smith, PMP. Ju ly, 2 011

Presented By: Leah R. Smith, PMP. Ju ly, 2 011 Presented By: Leah R. Smith, PMP Ju ly, 2 011 Business Intelligence is commonly defined as "the process of analyzing large amounts of corporate data, usually stored in large scale databases (such as a

More information

Business Continuity Part 2 Converting Risk Assessments to Risk Mitigation Activities to Business Recovery Plans

Business Continuity Part 2 Converting Risk Assessments to Risk Mitigation Activities to Business Recovery Plans Business Continuity Part 2 Converting Risk Assessments to Risk Mitigation Activities to Business Recovery Plans Howard Pierpont Intel Corporation Hillsboro, OR Jan 2005 Corporate Business Principles Intel

More information

Protecting Your Business

Protecting Your Business Protecting Your Business Business Continuity/Disaster Recovery Planning Robert Haberman Senior Product Manager BCP/DRP TELUS BUSINESS SOLUTIONS Business Continuity/Disaster Recovery Planning 1 Agenda:

More information

A BCP Tale: From Theory to Practice

A BCP Tale: From Theory to Practice A BCP Tale: From Theory to Practice Presenter: Gord Novoselnik Problem & Configuration Manager, Enterprise Solutions Division, MTS Allstream Gord.Novoselnik@mtsallstream.com 1 10 Commandments of BCM I.

More information

White Paper. Lifecycle Disaster Recovery Costs

White Paper. Lifecycle Disaster Recovery Costs White Paper Lifecycle Disaster Recovery Costs Lifecycle Disaster Recovery Costs Do you really understand the costs to a financial institution for IT Disaster Recovery? Most professionals working in a

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged

More information

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

Business Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009

Business Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 Business Continuity Management 101 Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 1 Who is MHA Consulting Who We Are What We Do Leading boutique consulting firm since 1998 Provider of consulting

More information

Foundation. Summary. ITIL and Services. Services - Delivering value to customers in the form of goods and services - End-to-end Service

Foundation. Summary. ITIL and Services. Services - Delivering value to customers in the form of goods and services - End-to-end Service ITIL ITIL Foundation Summary ITIL and s Design s - Delivering value to customers in the form of goods and services - End-to-end ITIL Best Practice - Scalable and not prescriptive - Gathered from Users,

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

Disaster Recovery Policy

Disaster Recovery Policy Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is

More information

Checklist of ISO 22301 Mandatory Documentation

Checklist of ISO 22301 Mandatory Documentation Checklist of ISO 22301 Mandatory Documentation 1) Which documents and records are required? The list below shows the minimum set of documents and records required by ISO 22301:2012 (the standard refers

More information