RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief
- Ralph Pope
- 8 years ago
INTRODUCTION

Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet their objectives. Investors, customers and Boards of Directors are becoming more interested in management's capability to continue operations through a disruption and their ability to carry on the mission of the organization. Companies must have a central repository of real-time decision support tools that allow personnel to react quickly and effectively when crises occur that impact their employees, customers, operations or brand reputation.

AT A GLANCE

- Leverage a pre-configured 3-in-1 integrated solution -- Risk and Impact Analysis, BC/DR Planning and Crisis Management
- Document standardized BC and DR plan
- Automate plan maintenance and testing with workflows, notifications and issue management
- Analyze criticality and risks of processes with integrated risk assessment and BIA
- Manage crisis events with phased notification plans; integrate with BC and DR plans

Business Continuity Management (BCM) is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause. BCM provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of key stakeholders, reputation, brand and value-creating activities. An increasing number of organizations are recognizing BCM as a mission-critical function. Many governmental and virtually all regulatory bodies around the world have incorporated some level of BCM requirements.
There are three main drivers for this broad awareness of the importance of BCM:

- 24/7 service delivery requirements that put greater pressure on business and IT resource availability
- Globalization and an ever-expanding and increasingly complex supply chain
- Increasing operations risk due to more frequent disruptive events

CHALLENGES IN BUSINESS CONTINUITY AND DISASTER RECOVERY

BCM is a top-level concern for enterprises, and it is vital to maintaining financial confidence and the reputation of the business. The growing number of terrorist attacks (starting with Sept. 11), 2003 power outages, the 2005 London bombings, the 2005 U.S. hurricanes, shootings at higher education institutions, floods in the U.K. and U.S., earthquakes in Haiti and Chile, volcanic ash in Iceland, the 2010 BP oil spill, the 2011 Japan earthquake/tsunami/nuclear radiation event, and other incidents are driving expanded scenario planning, coordination of public and private sectors, and an increased focus on legislating business continuity into business operations.

Lack of effective continuity planning or inefficient recovery efforts can be extremely costly, resulting in unknown or unacceptable losses. Inefficient planning can also be costly, while not ensuring the organization can recover after an event. For example, a company that determines all their processes are critical and must be recovered immediately is expending effort and money that may not be needed. Conversely, the company that doesn't plan at all doesn't know what they don't know. Effective planning can do much to limit the financial losses resulting from a crisis.

Regardless of events that occur, the organization must continue to function. Waiting for an event to occur to see how the organization reacts is a recipe for disaster. Organizations always learn from actual crises, but learning should be against plans that were put in place as opposed to the beginning of the process. The organization that takes measured proactive steps and tests their plans will have a much more efficient and effective recovery effort. Adequately trained recovery personnel with comprehensive plans can take much of the worry and load off of management so they can continue to focus on running the business.

However, even as organizations increasingly recognize BCM as a critical function, many of them face a myriad of challenges in implementing and maintaining business continuity (BC) and disaster recovery (DR) plans. Typically, static plan documentation is captured using multiple tools and inflexible systems that are costly to customize and upgrade. In addition, the processes for creating, approving, maintaining and testing BC/DR plans are uncoordinated. Compounding this lack of coordination, communication among BC, DR and crisis teams is minimal, providing limited shared visibility into new and emerging IT or LOB (line of business) risks that may impact the continuity or resilience of the company. There is little knowledge of which processes, technologies and other infrastructure components are highest priority for recovery based on their criticality to the business, with no accountability assigned for recovery. These issues make it difficult to report or prove to senior management that current BC/DR plans will work as planned. It also puts organizations at significant risk of continuity-related impacts.

Business interruptions, ranging from isolated infrastructure failures to regional events, have the potential to cause serious financial harm and/or reputational impairment. Most organizations' legacy business recovery strategies have considerable holes, with BCM strategies that address crisis management, business recovery or IT disaster recovery. However, if these disciplines exist, they are designed and developed separately and lack integration, with non-existent business and IT management support or high-level sponsorship, and minimal, if any, participation by key groups, such as operations, finance, IT, risk or security. BC accountability and responsibility remain unassigned.

An organization's recovery efforts are typically chaotic and ad hoc, relying on heroic measures. The organization lacks confidence in its ability to survive following a business interruption. Recovery goals, priorities and expectations were derived without risk assessments or BIAs. Business continuity strategies are ad hoc and documented BC plans do not exist. Testing, training and awareness processes have not been implemented, and management relies on untested or under-tested continuity-related processes to manage the effects of business interruptions.

IT DR is often the most mature aspect of the continuity process, yet it is rarely well-coordinated with BC or Crisis Management planning. Employees have limited knowledge regarding their roles during recovery, potentially impacting the likelihood of a successful response effort. BC or IT DR planning and testing does not evolve with the changing direction and priorities of the business. As changes occur in the organizations, processes, priorities and needs of the organization, risk assessments, BIAs and BC/DR plans need to evolve as well.

THE IMPACT OF REGULATIONS ON BCM PROGRAMS

Many industries and their regulations require some level of BCM governance, including publicly-traded companies and organizations involved in healthcare, government, finance and utilities. There are well over 100 regulations, methodologies, maturity models, guidelines and laws that have something to say about BC or DR. These authoritative sources can be regional, country-specific, industry-specific, topic-specific, offer practical advice, supply best practices and much more.

One of the newest BCM standards is the long-awaited International Organization for Standardization (ISO) standard, which specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS). This standard represents an improvement in areas such as disaster response and crisis communications.
It also makes executive governance the focal point of a BCM program, and this may make it more rigorous for some organizations to implement.

As a result, many organizations are left with more questions than answers: which sources do we comply with and why? And once we figure that out, how do we handle conflicts between the sources and how do we prioritize them? Further to that point, how do we institute these requirements into our existing program? And if we do, will these authoritative sources provide us with good guidance or are they just a checklist of requirements? What if we're audited -- how do we prove our program is compliant? Finally, how do we explain and justify this to executives and business partners? These questions are being asked in BC/DR programs of all levels of maturity.

In today's global business world, the one thing that is certain is change. Organizations must be vigilant for changes in the authoritative sources they follow, as well as new sources that emerge and related implications on their business and BCM program. Companies must also be aware of changes to their business, such as acquisitions which may require additional authoritative sources, divestitures which may reduce the sources they need to comply with, or other business changes that may have downstream effects on their BCM program.

MOVING BC AND DR MANAGEMENT TO THE NEXT LEVEL

In order for organizations to move their BC and DR management forward, the following key areas need to be considered:

Bringing business context into BC and DR planning

How do you know what's important without knowing the criticality of your business? Which processes are most critical? What are the right recovery objectives? What IT assets support which business processes and, as a result, inherit the same recovery needs? These are all questions that need to be answered in the course of determining recovery priorities, strategies, testing and activation. A centralized business process and asset repository tied to the supporting IT assets enables management to catalog and organize their infrastructure to determine what there is to recover and how they're associated.

Align BC and DR planning with the business priorities

The ISO standard recommends that BCM be aligned to the business priorities and strategic objectives of the organization in a flexible enough way to adapt and react to changing priorities. Businesses are fluid. Things change. Priorities are evaluated on a regular basis -- why shouldn't BCM planning and execution follow that pattern? Recovery strategies that fit in one part of the world or in a particular situation may not in another. The question must be asked -- do our recovery priorities and strategies address the true risks and potentially disruptive events? If not, then BCM is no more than a paper exercise but won't necessarily enable the organization to survive through a true disaster.

Management can then take that business process listing and asset catalog and begin to determine criticality and recovery priorities, such as Recovery Time Objective (RTO). Separate groups that want to define these priorities will have a central methodology, approach and tool to do so. The results of the BIAs can be used for a myriad of activities, such as Threat Management, Risk Management and Compliance.

Integrate Crisis Management and BC/DR Planning

It's one thing to muddle through a crisis event, being saved by heroic efforts, and quite another to have adequately planned and proactively managed the event through to resolution, and then activated the right BC/DR plans and recovered disrupted processes and assets within recovery objectives. This is a monumental challenge for most organizations. It is critical to have the right toolset and operational processes that blend together to enable crisis management to happen effectively. Testing, testing and more testing -- not only BC/DR plans but also crisis management -- leads to a better chance of success.

Manage the overall program

Bringing it all together, from planning to testing to execution, and then reporting on it, improving it and doing it all again. Keeping the BCM program in line with changes in the organization, regulations, new business and other internal and external factors is critical. An effective BCM program requires executive attention and prioritization. This occurs through having an effective and reportable BCM program in place that is proven to understand and respond to the needs of the organization and that can especially recover after a disruption.

[Figure labels: Crisis Management (Communications, Activation, Event Management); BC/DR Planning (Recovery Plans, Resources, Plan Testing, Plan Maintenance); Operations (Program Monitoring, Enterprise Management Visibility); Business and IT Context (Business Assets, IT Assets; Prioritization, Criticality, Recovery Objectives); Risk and Impact Analysis (Business Impact Analysis, BC Risk Assessment)]

WHY RSA ARCHER FOR BCM AND OPERATIONS?

RSA Archer Business Continuity Management (BCM) offers a three-in-one approach to business continuity, disaster recovery and crisis management in a single management system. It allows organizations to respond swiftly in crisis situations to protect ongoing operations, assess the criticality of their business processes and supporting technologies, and then develop detailed business continuity and disaster recovery plans, utilizing automated workflow for plan testing and approval. RSA Archer BCM was developed through collaboration with Fortune 1000 clients and operational risk experts from Accenture, Deloitte & Touche, E&Y, KPMG and Wipro.

With RSA Archer Business Continuity Management, continuity planning is aligned with the organization's priorities and business objectives, and recovery strategies and plans are well-designed and tested utilizing a consistent BC/DR process and methodology so appropriate personnel know what to do in crisis situations. Organizations can manage plan execution and communication in crisis situations to minimize harm to employees, customers, reputation and business operations.

RSA Archer BCM enables automated, up-to-date BC/DR plans for the organization's latest environments and business processes to be easily accessed during a disruption of service. Consistent processes provide visibility into the current state of the organization's plan statuses, review dates, test results, test remediation statuses and crisis tasks, enabling collaboration across BC, DR and crisis teams. Crisis personnel can efficiently respond to a crisis event with documented, step-by-step procedures. BC/DR plans are linked to the company's repository of processes, assets, facilities and contacts, enabling plans to be aligned with the organization's business priorities and establishing accountability. Senior management has an understanding of the continuity risks, insight into needed budget requirements and a level of confidence that a plan is in place if a crisis occurs.

RSA Archer provides out-of-the-box expertise in regulations, threats and best practices that come with the RSA Archer BCM solution, saving customers significant time and resources managing security, risk and compliance.

- Mobile capabilities to access BC, DR and CM plans and recovery tasks from any location during a crisis
- A user-friendly interface that allows business users to make changes with no custom code
- Integration of business continuity into an organization's larger GRC program enabling consistent measurement and reporting of risk across the enterprise
- Centralize and coordinate risk assessment, BIAs, business continuity and IT disaster recovery plans, and crisis management

RISK AND IMPACT ANALYSIS

The BCM Risk Register enables customers to identify, evaluate and plan for risks that may impact their business. The Business Impact Analysis collects information on each business process related to its criticality, recovery time objective (RTO) and recovery point objective (RPO), and shares it among interdependent teams in a simple, consistent format.

BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

Develop detailed recovery plans for business processes or IT assets, utilizing automated workflow for plan testing and approval. The application provides a method to document the results of BC/DR plan tests, ownership and workflow.

CRISIS MANAGEMENT AND RESPONSE

Report and manage crisis events, send emergency notifications to communicate crisis information to appropriate personnel, and activate BC/DR plans to recover disrupted business operations, facilities or IT infrastructure.

OPERATIONAL COLLABORATION ACROSS THE BUSINESS

Integrate RSA Archer BCM with RSA Archer Enterprise Management to relate BCM components such as risks, BIAs, recovery plans or crises to organizational units (e.g., divisions, business units) and infrastructure (e.g., processes, facilities, IT applications or vital records) for visibility, ownership and reporting. Tie BC/DR plans directly to a repository of business hierarchy and enterprise infrastructure. Integrate with other GRC processes, such as enterprise risk management, incident management or third party management to align recovery efforts with organizational objectives and priorities. Assess recovery readiness and determine compliance with key authoritative sources or methodologies.

BCM MOBILE APPLICATION

Organizations can leverage the RSA Archer BCM mobile application to view BC/DR plans, strategies, calling trees and requirements according to user role. This supplements hard copy plans for availability at any location during a crisis event to enable rapid response. The mobile application enables organizations to obtain true high availability for BC/DR plans via offline access in the event that the data center is not available.

EGRC PLATFORM

The RSA Archer eGRC Platform supports business-level management of governance, risk and compliance. As the foundation for all RSA Archer eGRC Solutions, the Platform can be adapted to an organization's requirements and integrated with other systems without touching a single line of code. It is a common, flexible platform for process automation, integration and reporting, enabling business users to administer their BC/DR/Crisis business processes. The Platform provides a consistent, easy to use workflow and notifications, with real-time reporting and dashboards providing visibility into BC/DR/Crisis activities and statuses.

EGRC CONTENT LIBRARY

The RSA Archer eGRC Content Library provides the industry's most comprehensive knowledgebase of enterprise governance, risk and compliance (eGRC) content. The Library includes best-practice policies, control standards, control procedures, assessment questions and authoritative sources, pre-mapped to jump-start your reporting.

EGRC COMMUNITY

The Archer eGRC Community provides an online network with a membership of more than 9,500 governance, risk and compliance professionals, enabling members to collaborate on eGRC and BCM challenges and trends and to provide guidance for future product enhancements.

RSA ARCHER PROFESSIONAL SERVICES AND EMC CONSULTING SERVICES

RSA Archer offers BC, DR and CM process consulting from RSA Archer eGRC implementation consultants and EMC BC/DR experts.

CONCLUSION

Successful BCM programs begin with central program management; incorporate a basic methodology or approach; integrate people that are part of a central program as well as throughout the business and IT; and leverage toolsets that facilitate and make the process more efficient and seamless. With RSA's Business Continuity Management and Operations solution, organizations can deploy a holistic management process to prepare for possible disruptions to business processes, manage crises and manage risks to business operations.
Organizations can automate their approach to business continuity and disaster recovery planning, and enable rapid, effective crisis management in one solution.

CONTACT US

To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller or visit us at

EMC², EMC, the EMC logo and RSA Archer are registered trademarks of EMC Corporation in the United States and other countries. VMware is a registered trademark of VMware, Inc., in the United States and other jurisdictions. Copyright 2012 EMC Corporation. All rights reserved. Published in the USA. 01/13 EMC Perspective

EMC believes the information in this document is accurate as of its publication date. The information is subject to change without notice.
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationPreparing for the Convergence of Risk Management & Business Continuity
Preparing for the Convergence of Risk Management & Business Continuity Disaster Recovery Journal Webinar Series September 5, 2012 2012 Strategic BCP, Inc. All rights reserved. strategicbcp.com 1 Today
More informationBusiness Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting
Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What
More informationProposal for Business Continuity Plan and Management Review 6 August 2008
Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.
More informationBusiness Continuity and Disaster Planning
WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and
More informationAN APPLICATION-CENTRIC APPROACH TO DATA CENTER MIGRATION
AN APPLICATION-CENTRIC APPROACH TO DATA CENTER MIGRATION Five key success factors IT organizations today are under constant business pressure to transform their infrastructure to reduce costs, increase
More informationBusiness Continuity Standards A Primer
INTELLIGENT NOTIFICATION Alphabet Soup: Making Sense of BC/DR Standards Part 1: Business Continuity Standards A Primer Why all the attention now? One of the hottest topics in BC/DR these days is standards.
More informationBS 25999 BUSINESS CONTINUITY MANAGEMENT
BS 25999 BUSINESS CONTINUITY MANAGEMENT AUDIT, CERTIFICATION & training services HOW CAN YOU ENSURE BUSINESS CONTINUITY? BS 25999 AUDITS & CERTIFICATION FROM SGS Most organisations will, at some point,
More informationPCI DSS READINESS AND RESPONSE
PCI DSS READINESS AND RESPONSE EMC Consulting Services offers a lifecycle approach to holistic, proactive PCI program management ESSENTIALS Partner with EMC Consulting for your PCI program management and
More informationMasterminding Data Governance
Why Data Governance Matters The Five Critical Steps for Data Governance Data Governance and BackOffice Associates Masterminding Data Governance 1 of 11 A 5-step strategic roadmap to sustainable data quality
More informationMaking Compliance Work for You
white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by
More informationMaintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com
Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationUsing Enterprise Governance, Risk, And Compliance (EGRC) Tools For Improved Management Of Security And Privacy. June 23, 2015
Using Enterprise Governance, Risk, And Compliance (EGRC) Tools For Improved Management Of Security And Privacy June 23, 2015 What is egrc? A management system for compliance requirements, policies, risk
More informationw w w. s t r a t u s. c o m
Managed Services Buying Guide Eight ways to sustain 99.999% SLAs for vital business processes. In the real world. w w w. s t r a t u s. c o m Mission-critical SLAs demand mission-critical managed services.
More informationThe seven essential practices for effective business continuity management
IBM Global Technology Services Thought Leadership White Paper April 2014 The seven essential practices for effective business continuity management Building a business-centric program to help reduce risk
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationBuilding and Maintaining a Business Continuity Program
Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written
More informationIndustrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk
Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationWith the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS
How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,
More informationBusiness Continuity Planning. Description and Framework. White Paper. Preface. Contents
Comprehensive Consulting Solutions, Inc. Business Savvy. IT Smart. Business Continuity Planning White Paper Published: April 2001 (with revisions) Business Continuity Planning Description and Framework
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationCA Service Desk On-Demand
PRODUCT BRIEF: CA SERVICE DESK ON DEMAND -Demand Demand is a versatile, ready-to-use IT support solution delivered On Demand to help you build a superior Request, Incident, Change and Problem solving system.
More informationBest Practices in Disaster Recovery Planning and Testing
Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely
More informationGETTING STARTED WITH DISASTER RECOVERY PLANNING
GETTING STARTED WITH DISASTER RECOVERY PLANNING Ten misperceptions, Five best practices EMC PERSPECTIVE Natural and man-made events plus the technology innovations of the 21st century have heightened awareness
More informationCompany Management System. Business Continuity in SIA
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
More informationBusiness Risk Consulting Group. Strengthening Business Resilience
Business Risk Consulting Group Strengthening Business Resilience From our board of directors viewpoint on corporate governance, the business impact analysis allowed us to demonstrate that we had considered,
More informationBoost BCM Program Maturity: Arm Your Team with the Right Tools. Jason Zimmerman Vice President Operations
Boost BCM Program Maturity: Arm Your Team with the Right Tools Jason Zimmerman Vice President Operations Gartner Rates Incident Management Systems Benefit High In their 2014 Hype Cycle Report, Gartner
More informationThe Modern Service Desk: How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver Business Confidence
How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver White Paper: BEST PRACTICES The Modern Service Desk: Contents Introduction............................................................................................
More informationBUSINESS CONTINUITY PLAN OVERVIEW
BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and
More informationOPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC
OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC TOP RISKS: THE WORLD WITHOUT GRC LACK OF ENTERPRISE-WIDE VISIBILITY Every organizational unit has some level of risk it must address.
More informationEMC HYBRID CLOUD FOR SAP
White Paper EMC HYBRID CLOUD FOR SAP Centralize compliance information into a single repository Automate application control verification Integrate RSA Archer with SAP EMC Solutions Abstract This White
More informationBusiness Continuity Management Policy
Governance 1 Purpose The purpose of this policy is to communicate Business Continuity Management (BCM) framework, responsibilities and guiding principles for Victoria to effectively prepare for and achieve
More informationSMART Considerations for Active Directory Migration. A Strategic View and Best Practices for Migrating the Corporate Directory
SMART Considerations for Active Directory Migration A Strategic View and Best Practices for Migrating the Corporate Directory Table of Contents Introduction: The Strategic View of Active Directory Migrations...
More informationCA Service Desk Manager
DATA SHEET CA Service Desk Manager CA Service Desk Manager (CA SDM), on-premise or on-demand, is designed to help you prevent service disruptions, better manage change risks, and provides a 360-degree
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationNHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY
NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20
More informationDESIGNING A BUSINESS CONTINUITY TRAINING PROGRAM TO MAXIMIZE VALUE & MINIMIZE COST
CONTENTS A Brief Introduction... 3 Where is the Value?... 3 How Can We Control Costs?... 5 The Delivery Mechanism... 7 Strategies to Deliver Training and Awareness... 8 Proving Training/Awareness Program
More informationBUSINESS RESILIENCE READY OR NOT
BUSINESS RESILIENCE READY OR NOT EDC Whitepaper 2014 Table of Contents Executive Summary 2 Need for Effective BCM 2 Government requirements for BCM 4 The Challenge - Disasters and Threats 4 Pandemic and
More information2008-2009 2008-2009 TRENDS IN BUSINESS CONTINUITY AND CRISIS COMMUNICATIONS SURVEY
2008-2009 The Second Annual Trends in Business Continuity and Crisis Communications Survey has been completed with over 700 participants from a wide range of industries and organizational sizes. The Disaster
More informationMHA Consulting. Business Continuity Management 101
0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends
More informationCA Service Desk Manager
PRODUCT BRIEF: CA SERVICE DESK MANAGER CA Service Desk Manager CA SERVICE DESK MANAGER IS A VERSATILE, COMPREHENSIVE IT SUPPORT SOLUTION THAT HELPS YOU BUILD SUPERIOR INCIDENT AND PROBLEM MANAGEMENT PROCESSES
More informationCRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data
CRISC Glossary Term Access control Access rights Application controls Asset Authentication The processes, rules and deployment mechanisms that control access to information systems, resources and physical
More informationTop 7. Best Practices for Business Continuity
Business continuity undoubtedly is at or near the very top of every IT organization s list of strategic initiatives, considering the dramatic costs and implications of downtime. Here are some best practices
More informationWhite Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview
White Paper: ISO 22301 Business Continuity Management An Overview ISO 22301 Business Continuity Management An Overview Introduction As incidents such as malicious activism, terrorist attacks and environmental
More informationManaging business risk
Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success
More informationFlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk
Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk 2012 The Flynt Group, Inc., All Rights Reserved FlyntGroup.com Enterprise Risk Management and Business
More informationSkelta BPM and High Availability
Skelta BPM and High Availability Introduction Companies are now adopting cloud for hosting their business process management (BPM) tools. BPM on cloud can help control costs, optimize business processes
More informationExternal Supplier Control Requirements BCM
External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity
More informationLeveraging a Maturity Model to Achieve Proactive Compliance
Leveraging a Maturity Model to Achieve Proactive Compliance White Paper: Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance Contents Introduction............................................................................................
More information