RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

Save this PDF as:
Size: px
Start display at page:

Download "RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief"

Transcription

1 RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet their objectives. Investors, customers and Boards of Directors are becoming more interested in management's capability to continue operations through a disruption and their ability to carry on the mission of the organization. Companies must have a central repository of real-time decision support tools that allow personnel to react quickly and effectively when crises occur that impact their employees, customers, operations or brand reputation. AT A GLANCE Leverage a pre-configured 3-in-1 integrated solution -- Risk and Impact Analysis, BC/DR Planning and Crisis Management Document standardized BC and DR plan Automate plan maintenance and testing with workflows, notifications and issue management Analyze criticality and risks of processes with integrated risk assessment and BIA Manage crisis events with phased notification plans; integrate with BC and DR plans Business Continuity Management (BCM) is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause. BCM provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of key stakeholders, reputation, brand and value-creating activities. An increasing number of organizations are recognizing BCM as a mission-critical function. Many governmental and virtually all regulatory bodies around the world have incorporated some level of BCM requirements. There are three main drivers for this broad awareness of the importance of BCM: o 24/7 service delivery requirements that put greater pressure on business and IT resource availability o Globalization and an ever-expanding and increasingly complex supply chain o Increasing operations risk due to more frequent disruptive events CHALLENGES IN BUSINESS CONTINUITY AND DISASTER RECOVERY BCM is a top-level concern for enterprises, and it is vital to maintaining financial confidence and the reputation of the business. The growing number of terrorist attacks (starting with Sept. 11), 2003 power outages, the 2005 London bombings, the 2005 U.S. hurricanes, shootings at higher education institutions, floods in the U.K. and U.S., earthquakes in Haiti and Chile, volcanic ash in Iceland, the 2010 BP oil spill, the 2011 Japan earthquake/tsunami/nuclear radiation event, and other incidents are driving expanded scenario planning, coordination of public and private sectors, and an increased focus on legislating business continuity into business operations. Lack of effective continuity planning or inefficient recovery efforts can be extremely costly, resulting in unknown or unacceptable losses. Inefficient planning can also be costly, while not ensuring the organization can recover after an event. For example, a company that determines all their processes are critical and must be recovered SOLUTION OVERVIEW

2 immediately is expending effort and money that may not be needed. Conversely, the company that doesn t plan at all doesn t know what they don t know. Effective planning can do much to limit the financial losses resulting from a crisis. Regardless of events that occur, the organization must continue to function. Waiting for an event to occur to see how the organization reacts is a recipe for disaster. Organizations always learn from actual crises, but learning should be against plans that were put in place as opposed to the beginning of the process. The organization that takes measured proactive steps, and tests their plans will have a much more efficient and effective recovery effort. Adequately trained recovery personnel with comprehensive plans can take much of the worry and load off of management so they can continue to focus on running the business. However, even as organizations increasingly recognize BCM as a critical function, many of them face a myriad of challenges in implementing and maintaining business continuity (BC) and disaster recovery (DR) plans. Typically, static plan documentation is captured using multiple tools and inflexible systems that are costly to customize and upgrade. In addition, the processes for creating, approving, maintaining and testing BC/DR plans are uncoordinated. Compounding this lack of coordination, communication among BC, DR and crisis teams is minimal, providing limited shared visibility into new and emerging IT or LOB (line of business) risks that may impact the continuity or resilience of the company. There is little knowledge of which processes, technologies and other infrastructure components are highest priority for recovery based on their criticality to the business, with no accountability assigned for recovery. These issues make it difficult to report or prove to senior management that current BC/DR plans will work as planned. It also puts organizations at significant risk of continuity-related impacts. Business interruptions, ranging from isolated infrastructure failures to regional events, have the potential to cause serious financial harm and/or reputational impairment. Most organizations legacy business recovery strategies have considerable holes, with BCM strategies that address crisis management, business recovery or IT disaster recovery. However, if these disciplines exist, they are designed and developed separately and lack integration, with non-existent business and IT management support or high-level sponsorship, and minimal, if any, participation by key groups, such as operations, finance, IT, risk or security. BC accountability and responsibility remain unassigned.

3 An organization s recovery efforts are typically chaotic and ad hoc, relying on heroic measures. The organization lacks confidence in its ability to survive following a business interruption. Recovery goals, priorities and expectations were derived without risk assessments or BIAs. Business continuity strategies are ad hoc and documented BC plans do not exist. Testing, training and awareness processes have not been implemented, and management relies on untested or under-tested continuity-related processes to manage the effects of business interruptions. IT DR is often the most mature aspect of the continuity process, yet it is rarely wellcoordinated with BC or Crisis Management planning. Employees have limited knowledge regarding their roles during recovery, potentially impacting the likelihood of a successful response effort. BC or IT DR planning and testing does not evolve with the changing direction and priorities of the business. As changes occur in the organizations, processes, priorities and needs of the organization, risk assessments, BIAs and BC/DR plans need to evolve as well. THE IMPACT OF REGULATIONS ON BCM PROGRAMS Many industries and their regulations require some level of BCM governance, including publicly-traded companies and organizations involved in healthcare, government, finance and utilities. There are well over 100 regulations, methodologies, maturity models, guidelines and laws that have something to say about BC or DR. These authoritative sources can be regional, country-specific, industry-specific, topic-specific, offer practical advice, supply best practices and much more. One of the newest BCM standards is the long-awaited International Organization for Standardization (ISO) standard, which specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS). This standard represents an improvement in areas such as disaster response and crisis communications. It also makes executive governance the focal point of a BCM program, and this may make it more rigorous for some organizations to implement. As a result, many organizations are left with more questions than answers: which sources do we comply with and why? And once we figure that out, how do we handle conflicts between the sources and how do we prioritize them? Further to that point, how do we institute these requirements into our existing program? And if we do, will these authoritative sources provide us with good guidance or are they just a checklist of requirements? What if we re audited -- how do we prove our program is compliant? Finally, how do we explain and justify this to executives and business partners? These questions are being asked in BC/DR programs of all levels of maturity. In today s global business world, the one thing that is certain is change. Organizations must be vigilant for changes in the authoritative sources they follow, as well as new sources that emerge and related implications on their business and BCM program. Companies must also be aware of changes to their business, such as acquisitions which may require additional authoritative sources, divestitures which may reduce sources that need to comply with, or other business changes that may have downstream effects on their BCM program.

4 MOVING BC AND DR MANAGEMENT TO THE NEXT LEVEL In order for organizations to move their BC and DR management forward the following key areas need to be considered: Bringing business context into BC and DR planning: How do you know what s important without knowing the criticality of your business? Which processes are most critical? What are the right recovery objectives? What IT assets support which business processes and, as a result, inherit the same recovery needs? These are all questions that need to be answered in the course of determining recovery priorities, strategies, testing and activation. A centralized business process and asset repository tied to the supporting IT assets enables management to catalog and organize their infrastructure to determine what there is to recover and how they re associated. Align BC and DR planning with the business priorities The ISO standard recommends that BCM be aligned to the business priorities and strategic objectives of the organization in a flexible enough way to adapt and react to changing priorities. Businesses are fluid. Things change. Priorities are evaluated on a regular basis why shouldn t BCM planning and execution follow that pattern? Recovery strategies that fit in one part of the world or in a particular situation may not in another. The question must be asked do our recovery priorities and strategies address the true risks and potentially disruptive events? If not, then BCM is no more than a paper exercise but won t necessarily enable the organization to survive through a true disaster. Management can then take that business process listing and asset catalog and begin to determine criticality and recovery priorities, such as Recovery Time Objective (RTO). Separate groups that want to define these priorities will have a central methodology, approach and tool to do so. The results of the BIAs can be used for a myriad of activities, such as Threat Management, Risk Management and Compliance. Integrate Crisis Management and BC/DR Planning It s one thing to muddle through a crisis event, being saved by heroic efforts, and quite another to have adequately planned and proactively managed the event through to resolution, and then activated the right BC/DR plans and recovered disrupted processes and assets within recovery objectives. This is a monumental challenge for most organizations. It is critical to have the right toolset and operational processes that blend together to enable crisis management to happen effectively. Testing, testing and more testing not only BC/DR plans but also crisis management leads to a better chance of success. Manage the overall program Bringing it all together, from planning to testing to execution, and then reporting on it, improving it and doing it all again. Keeping the BCM program in line with changes in the organization, regulations, new business and other internal and external factors is critical. An effective BCM program requires executive attention and prioritization. This occurs through having an effective and reportable BCM program in place that is proven to understand and respond to the needs of the organization and that can especially recover after a disruption.

5 Crisis Management Communications Activation Event Management BC/DR Planning Recovery Plans Resources Plan Testing Plan Maintenance Operations Program Monitoring Enterprise Management Visibility Business and IT Context Business Assets IT Assets Prioritization, Criticality, Recovery Objectives Risk and Impact Analysis Business Impact Analysis BC Risk Assessment WHY RSA ARCHER FOR BCM AND OPERATIONS? RSA Archer Business Continuity Management (BCM) offers a three-in-one approach to business continuity, disaster recovery and crisis management in a single management system. It allows organizations to respond swiftly in crisis situations to protect ongoing operations, assess the criticality of their business processes and supporting technologies, and then develop detailed business continuity and disaster recovery plans, utilizing automated workflow for plan testing and approval. RSA Archer BCM was developed through collaboration with Fortune 1000 clients and operational risk experts from Accenture, Deloitte & Touche, E&Y, KPMG and Wipro. With RSA Archer Business Continuity Management, continuity planning is aligned with the organization s priorities and business objectives, and recovery strategies and plans are welldesigned and tested utilizing a consistent BC/DR process and methodology so appropriate personnel know what to do in crisis situations. Organizations can manage plan execution and communication in crisis situations to minimize harm to employees, customers, reputation and business operations.

6 RSA Archer BCM enables automated, up-to-date BC/DR plans for the organization s latest environments and business processes to be easily accessed during a disruption of service. Consistent processes provide visibility into the current state of the organization s plan statuses, review dates, test results, test remediation statuses and crisis tasks, enabling collaboration across BC, DR and crisis teams. Crisis personnel can efficiently respond to a crisis event with documented, step-by-step procedures. BC/DR plans are linked to the company s repository of processes, assets, facilities and contacts, enabling plans to be aligned with the organization s business priorities and establishing accountability. Senior management has an understanding of the continuity risks, insight into needed budget requirements and a level of confidence that a plan is in place if a crisis occurs. RSA Archer provides out-of-the-box expertise in regulations, threats and best practices that come with the RSA Archer BCM solution, saving customers significant time and resources managing security, risk and compliance. Mobile capabilities to access BC, DR and CM plans and recovery tasks from any location during a crisis A user-friendly interface that allows business users to make changes with no custom code Integration of business continuity into an organization s larger GRC program enabling consistent measurement and reporting of risk across the enterprise Centralize and coordinate risk assessment, BIAs, business continuity and IT disaster recovery plans, and crisis management RISK AND IMPACT ANALYSIS The BCM Risk Register enables customers to identify, evaluate and plan for risks that may impact their business. The Business Impact Analysis collects information on each business process related to its criticality, recovery time objective (RTO) and recovery point objective (RPO), and shares it among interdependent teams in a simple, consistent format.

7 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Develop detailed recovery plans for business processes or IT assets, utilizing automated workflow for plan testing and approval. The application provides a method to document the results of BC/DR plan tests, ownership and workflow. CRISIS MANAGEMENT AND RESPONSE Report and manage crisis events, send emergency notifications to communicate crisis information to appropriate personnel, and activate BC/DR plans to recover disrupted business operations, facilities or IT infrastructure. OPERATIONAL COLLABORATION ACROSS THE BUSINESS Integrate RSA Archer BCM with RSA Archer Enterprise Management to relate BCM components such as risks, BIAs, recovery plans or crises to organizational units (e.g., divisions, business units) and infrastructure (e.g., processes, facilities, IT applications or vital records) for visibility, ownership and reporting. Tie BC/DR plans directly to a repository of business hierarchy and enterprise infrastructure. Integrate with other GRC processes, such as enterprise risk management, incident management or third party management to align recovery efforts with organizational objectives and priorities. Assess recovery readiness and determine compliance with key authoritative sources or methodologies. BCM MOBILE APPLICATION Organizations can leverage the RSA Archer BCM mobile application to view BC/DR plans, strategies, calling trees and requirements according to user role. This supplements hard copy plans for availability at any location during a crisis event to enable rapid response. The mobile application enables organizations to obtain true high availability for BC/DR plans via offline access in the event that the data center is not available.

8 EGRC PLATFORM The RSA Archer egrc Platform supports business-level management of governance, risk and compliance. As the foundation for all RSA Archer egrc Solutions, the Platform can be adapted to an organization s requirements and integrated with other systems without touching a single line of code. It is a common, flexible platform for process automation, integration and reporting, enabling business users to administer their BC/DR/Crisis business processes. The Platform provides a consistent, easy to use workflow and notifications, with real-time reporting and dashboards providing visibility into BC/DR/Crisis activities and statuses. EGRC CONTENT LIBRARY The RSA Archer egrc Content Library provides the industry s most comprehensive knowledgebase of enterprise governance risk, and compliance (egrc) content. The Library includes best-practice policies, control standards, control procedures, assessment questions and authoritative sources, pre-mapped to jump-start your reporting. EGRC COMMUNITY The Archer egrc Community provides an online network with a membership of more than 9,500 governance, risk and compliance professionals enabling members to collaborate on egrc and BCM challenges, trends and provide guidance for future product enhancements. RSA ARCHER PROFESSIONAL SERVICES AND EMC CONSULTING SERVICES RSA Archer offers BC, DR and CM process consulting from RSA Archer egrc implementation consultants and EMC BC/DR experts. CONCLUSION Successful BCM programs begin with central program management; incorporate a basic methodology or approach; integrate people that are part of a central program as well as throughout the business and IT; and leverage toolsets that facilitate and make the process more efficient and seamless. With RSA s Business Continuity Management and Operations solution, organizations can deploy a holistic management process to prepare for possible disruptions to business processes, manage crises and manage risks to business operations. Organizations can automate their approach to business continuity and disaster recovery planning, and enable rapid, effective crisis management in one solution. CONTACT US To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller or visit us at EMC 2, EMC, the EMC logo and RSA Archer are registered trademarks of EMC Corporation in the United States and other countries. VMware is a registered trademark of VMware, Inc., in the United States and other jurisdictions. Copyright 2012 EMC Corporation. All rights reserved. Published in the USA. 01/13 EMC Perspective EMC believes the information in this document is accurate as of its publication date. The information is subject to change without notice.

The Business Continuity Maturity Continuum

The Business Continuity Maturity Continuum The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity

More information

RSA ARCHER AUDIT MANAGEMENT

RSA ARCHER AUDIT MANAGEMENT RSA ARCHER AUDIT MANAGEMENT Solution Overview INRODUCTION AT A GLANCE Align audit plans with your organization s risk profile and business objectives Manage audit planning, prioritization, staffing, procedures

More information

The RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief

The RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief The RSA Solution for Cloud Security and Compliance A GRC foundation for VMware infrastructure security and compliance Solution Brief The RSA Solution for Cloud Security and Compliance enables end-user

More information

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

Business Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009

Business Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 Business Continuity Management 101 Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 1 Who is MHA Consulting Who We Are What We Do Leading boutique consulting firm since 1998 Provider of consulting

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business

More information

RSA Archer Risk Intelligence

RSA Archer Risk Intelligence RSA Archer Risk Intelligence Harnessing Risk to Exploit Opportunity June 4, 2014 Steve Schlarman GRC Strategist 1 Risk and Compliance Where is it today? 2 Governance, Risk, & Compliance Today 3 4 A New

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

How RSA has helped EMC to secure its Virtual Infrastructure

How RSA has helped EMC to secure its Virtual Infrastructure How RSA has helped EMC to secure its Virtual Infrastructure A new solution, the RSA solution for Cloud Security and Compliance, has been developed and is now available to all of our customers. Luciano

More information

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

FINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER

FINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER FINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER As a board-level discussion topic at all financial institutions (FI) today, operational risk is real and public disclosure of significant

More information

The Role of Internal Audit In Business Continuity Planning

The Role of Internal Audit In Business Continuity Planning The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA RSA, The Security Division of EMC Zamanta Anguiano Sales Manager RSA The Age of the Hyperextended Enterprise BUSINESS ISSUES IMPACT Innovation Collaboration Exploding Information Supply Chain Customer

More information

How to measure your business resiliency

How to measure your business resiliency How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com

More information

Getting Your Business Back

Getting Your Business Back Getting Your Business Back Pulling Together Business Continuity, Crisis Management and Disaster Recovery Many organizations have a program (or programs) in place to keep operations going (or to resume

More information

BT Conferencing Business Continuity Management. Planning to stay in business

BT Conferencing Business Continuity Management. Planning to stay in business BT Conferencing Business Continuity Management Planning to stay in business Planning for the unexpected In today s connected world, businesses are increasingly dependent on their communications and networked

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE

THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE When it comes to building a business continuity management (BCM) program that s complete, current, and compliant, there is no substitute for

More information

Business Continuity Management Emerging Trends

Business Continuity Management Emerging Trends Business Continuity Management Emerging Trends Presentation Title Goes Here Samir Shah CA, CISA, DISA, CIA, CISSP, CFE, ISO 22301 LI Associate Director Axis Risk Consulting March 2013 Outline 2 1. Business

More information

Risk Considerations for Internal Audit

Risk Considerations for Internal Audit Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning Public Entities Risk Management Forum 5 th July 2012 Presented by Mark Penberthy FBCI Overcoming Practical Challenges Business Continuity Management (BCM) AGENDA 1. What is

More information

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. TECHNOLOGY BRIEF: REDUCING COST AND COMPLEXITY WITH GLOBAL GOVERNANCE CONTROLS CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. Table of Contents Executive

More information

Factonomy Resilience. Enterprise Business Continuity

Factonomy Resilience. Enterprise Business Continuity Factonomy Resilience Enterprise Business Continuity BIA Wizard and Questionnaire: A highly configurable tool that will fit any methodology. BIA Surveys and Templates The Business Impact Analysis module

More information

Coping with a major business disruption. Some practical advice

Coping with a major business disruption. Some practical advice Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013

Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Chitra Gopalakrishnan Director KPMG LLP Agenda Introduction Business Continuity / Disaster

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Top 7 Best Practices for IT Service Continuity

Top 7 Best Practices for IT Service Continuity Top 7 Best Practices for IT Service Continuity Who should read this paper Organizational leads that influence and make decisions on Business Continuity practices for the business IT service continuity

More information

CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM

CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM A WHITE PAPER CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM AUTHORS: Neil A. Smith, MBCP nsmith24@csc.com Sandra Riddell, MBCI sriddel4@csc.com CSC Papers 2013 ABSTRACT The auditors said

More information

Moving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide

Moving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide Transition Guide Moving from BS 25999-2 to ISO 22301 The new international standard for business continuity management systems Extract from The Route Map to Business Continuity Management: Meeting the

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

Business Continuity Management Systems. Protecting for tomorrow by building resilience today

Business Continuity Management Systems. Protecting for tomorrow by building resilience today Business Continuity Management Systems Protecting for tomorrow by building resilience today Vital statistics 31% 40% of UK businesses have been affected by bad weather related transport problems, power

More information

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include

More information

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES Aligning information with business and operational objectives ESSENTIALS Leverage EMC Consulting as your trusted advisor to move your and compliance

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000

More information

Introduction to Business Continuity Planning

Introduction to Business Continuity Planning Introduction to Business Continuity Planning Business Continuity and Disaster Resilience Forum May 10, 2012 Rizal Ballroom A, Makati Shangri-la Manila, Philippines Dr Goh Moh Heng President BCM Institute

More information

RSA Archer Training. Governance, Risk and Compliance. Managing enterprise-wide governance, risk and compliance through training and education

RSA Archer Training. Governance, Risk and Compliance. Managing enterprise-wide governance, risk and compliance through training and education RSA Archer Training Governance, Risk and Compliance Managing enterprise-wide governance, risk and compliance through training and education www.emc.com/rsa-training 1 RSA Archer Training Table of Contents

More information

Business Continuity Management Software

Business Continuity Management Software Business Continuity Management (BCM) Software 1 Business Continuity Management Software All In One Continuity Management Solution A Single Platform Approach Manage entire lifecycle with comprehensive BC

More information

Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems

Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems 9 April, 2008 2 Presentation content Drivers for Business Continuity Standards and definitions.

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

Preparing for the Convergence of Risk Management & Business Continuity

Preparing for the Convergence of Risk Management & Business Continuity Preparing for the Convergence of Risk Management & Business Continuity Disaster Recovery Journal Webinar Series September 5, 2012 2012 Strategic BCP, Inc. All rights reserved. strategicbcp.com 1 Today

More information

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

Business Continuity and Disaster Planning

Business Continuity and Disaster Planning WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

More information

AN APPLICATION-CENTRIC APPROACH TO DATA CENTER MIGRATION

AN APPLICATION-CENTRIC APPROACH TO DATA CENTER MIGRATION AN APPLICATION-CENTRIC APPROACH TO DATA CENTER MIGRATION Five key success factors IT organizations today are under constant business pressure to transform their infrastructure to reduce costs, increase

More information

Business Continuity Standards A Primer

Business Continuity Standards A Primer INTELLIGENT NOTIFICATION Alphabet Soup: Making Sense of BC/DR Standards Part 1: Business Continuity Standards A Primer Why all the attention now? One of the hottest topics in BC/DR these days is standards.

More information

BS 25999 BUSINESS CONTINUITY MANAGEMENT

BS 25999 BUSINESS CONTINUITY MANAGEMENT BS 25999 BUSINESS CONTINUITY MANAGEMENT AUDIT, CERTIFICATION & training services HOW CAN YOU ENSURE BUSINESS CONTINUITY? BS 25999 AUDITS & CERTIFICATION FROM SGS Most organisations will, at some point,

More information

PCI DSS READINESS AND RESPONSE

PCI DSS READINESS AND RESPONSE PCI DSS READINESS AND RESPONSE EMC Consulting Services offers a lifecycle approach to holistic, proactive PCI program management ESSENTIALS Partner with EMC Consulting for your PCI program management and

More information

Masterminding Data Governance

Masterminding Data Governance Why Data Governance Matters The Five Critical Steps for Data Governance Data Governance and BackOffice Associates Masterminding Data Governance 1 of 11 A 5-step strategic roadmap to sustainable data quality

More information

Making Compliance Work for You

Making Compliance Work for You white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by

More information

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

Using Enterprise Governance, Risk, And Compliance (EGRC) Tools For Improved Management Of Security And Privacy. June 23, 2015

Using Enterprise Governance, Risk, And Compliance (EGRC) Tools For Improved Management Of Security And Privacy. June 23, 2015 Using Enterprise Governance, Risk, And Compliance (EGRC) Tools For Improved Management Of Security And Privacy June 23, 2015 What is egrc? A management system for compliance requirements, policies, risk

More information

w w w. s t r a t u s. c o m

w w w. s t r a t u s. c o m Managed Services Buying Guide Eight ways to sustain 99.999% SLAs for vital business processes. In the real world. w w w. s t r a t u s. c o m Mission-critical SLAs demand mission-critical managed services.

More information

The seven essential practices for effective business continuity management

The seven essential practices for effective business continuity management IBM Global Technology Services Thought Leadership White Paper April 2014 The seven essential practices for effective business continuity management Building a business-centric program to help reduce risk

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written

More information

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,

More information

Business Continuity Planning. Description and Framework. White Paper. Preface. Contents

Business Continuity Planning. Description and Framework. White Paper. Preface. Contents Comprehensive Consulting Solutions, Inc. Business Savvy. IT Smart. Business Continuity Planning White Paper Published: April 2001 (with revisions) Business Continuity Planning Description and Framework

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

CA Service Desk On-Demand

CA Service Desk On-Demand PRODUCT BRIEF: CA SERVICE DESK ON DEMAND -Demand Demand is a versatile, ready-to-use IT support solution delivered On Demand to help you build a superior Request, Incident, Change and Problem solving system.

More information

Best Practices in Disaster Recovery Planning and Testing

Best Practices in Disaster Recovery Planning and Testing Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely

More information

GETTING STARTED WITH DISASTER RECOVERY PLANNING

GETTING STARTED WITH DISASTER RECOVERY PLANNING GETTING STARTED WITH DISASTER RECOVERY PLANNING Ten misperceptions, Five best practices EMC PERSPECTIVE Natural and man-made events plus the technology innovations of the 21st century have heightened awareness

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

Business Risk Consulting Group. Strengthening Business Resilience

Business Risk Consulting Group. Strengthening Business Resilience Business Risk Consulting Group Strengthening Business Resilience From our board of directors viewpoint on corporate governance, the business impact analysis allowed us to demonstrate that we had considered,

More information

Boost BCM Program Maturity: Arm Your Team with the Right Tools. Jason Zimmerman Vice President Operations

Boost BCM Program Maturity: Arm Your Team with the Right Tools. Jason Zimmerman Vice President Operations Boost BCM Program Maturity: Arm Your Team with the Right Tools Jason Zimmerman Vice President Operations Gartner Rates Incident Management Systems Benefit High In their 2014 Hype Cycle Report, Gartner

More information

The Modern Service Desk: How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver Business Confidence

The Modern Service Desk: How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver Business Confidence How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver White Paper: BEST PRACTICES The Modern Service Desk: Contents Introduction............................................................................................

More information

BUSINESS CONTINUITY PLAN OVERVIEW

BUSINESS CONTINUITY PLAN OVERVIEW BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and

More information

OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC

OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC TOP RISKS: THE WORLD WITHOUT GRC LACK OF ENTERPRISE-WIDE VISIBILITY Every organizational unit has some level of risk it must address.

More information

EMC HYBRID CLOUD FOR SAP

EMC HYBRID CLOUD FOR SAP White Paper EMC HYBRID CLOUD FOR SAP Centralize compliance information into a single repository Automate application control verification Integrate RSA Archer with SAP EMC Solutions Abstract This White

More information

Business Continuity Management Policy

Business Continuity Management Policy Governance 1 Purpose The purpose of this policy is to communicate Business Continuity Management (BCM) framework, responsibilities and guiding principles for Victoria to effectively prepare for and achieve

More information

SMART Considerations for Active Directory Migration. A Strategic View and Best Practices for Migrating the Corporate Directory

SMART Considerations for Active Directory Migration. A Strategic View and Best Practices for Migrating the Corporate Directory SMART Considerations for Active Directory Migration A Strategic View and Best Practices for Migrating the Corporate Directory Table of Contents Introduction: The Strategic View of Active Directory Migrations...

More information

CA Service Desk Manager

CA Service Desk Manager DATA SHEET CA Service Desk Manager CA Service Desk Manager (CA SDM), on-premise or on-demand, is designed to help you prevent service disruptions, better manage change risks, and provides a 360-degree

More information

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking

More information

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20

More information

DESIGNING A BUSINESS CONTINUITY TRAINING PROGRAM TO MAXIMIZE VALUE & MINIMIZE COST

DESIGNING A BUSINESS CONTINUITY TRAINING PROGRAM TO MAXIMIZE VALUE & MINIMIZE COST CONTENTS A Brief Introduction... 3 Where is the Value?... 3 How Can We Control Costs?... 5 The Delivery Mechanism... 7 Strategies to Deliver Training and Awareness... 8 Proving Training/Awareness Program

More information

BUSINESS RESILIENCE READY OR NOT

BUSINESS RESILIENCE READY OR NOT BUSINESS RESILIENCE READY OR NOT EDC Whitepaper 2014 Table of Contents Executive Summary 2 Need for Effective BCM 2 Government requirements for BCM 4 The Challenge - Disasters and Threats 4 Pandemic and

More information

2008-2009 2008-2009 TRENDS IN BUSINESS CONTINUITY AND CRISIS COMMUNICATIONS SURVEY

2008-2009 2008-2009 TRENDS IN BUSINESS CONTINUITY AND CRISIS COMMUNICATIONS SURVEY 2008-2009 The Second Annual Trends in Business Continuity and Crisis Communications Survey has been completed with over 700 participants from a wide range of industries and organizational sizes. The Disaster

More information

MHA Consulting. Business Continuity Management 101

MHA Consulting. Business Continuity Management 101 0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends

More information

CA Service Desk Manager

CA Service Desk Manager PRODUCT BRIEF: CA SERVICE DESK MANAGER CA Service Desk Manager CA SERVICE DESK MANAGER IS A VERSATILE, COMPREHENSIVE IT SUPPORT SOLUTION THAT HELPS YOU BUILD SUPERIOR INCIDENT AND PROBLEM MANAGEMENT PROCESSES

More information

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data CRISC Glossary Term Access control Access rights Application controls Asset Authentication The processes, rules and deployment mechanisms that control access to information systems, resources and physical

More information

Top 7. Best Practices for Business Continuity

Top 7. Best Practices for Business Continuity Business continuity undoubtedly is at or near the very top of every IT organization s list of strategic initiatives, considering the dramatic costs and implications of downtime. Here are some best practices

More information

White Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview

White Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview White Paper: ISO 22301 Business Continuity Management An Overview ISO 22301 Business Continuity Management An Overview Introduction As incidents such as malicious activism, terrorist attacks and environmental

More information

Managing business risk

Managing business risk Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success

More information

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk 2012 The Flynt Group, Inc., All Rights Reserved FlyntGroup.com Enterprise Risk Management and Business

More information

Skelta BPM and High Availability

Skelta BPM and High Availability Skelta BPM and High Availability Introduction Companies are now adopting cloud for hosting their business process management (BPM) tools. BPM on cloud can help control costs, optimize business processes

More information

External Supplier Control Requirements BCM

External Supplier Control Requirements BCM External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

More information

Leveraging a Maturity Model to Achieve Proactive Compliance

Leveraging a Maturity Model to Achieve Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance White Paper: Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance Contents Introduction............................................................................................

More information