Getting Your Business Back

Size: px
Start display at page:

Download "Getting Your Business Back"

Transcription

1 Getting Your Business Back Pulling Together Business Continuity, Crisis Management and Disaster Recovery Many organizations have a program (or programs) in place to keep operations going (or to resume them as quickly as possible) when faced with a loss or interruption of resources. Whatever these programs are called business continuity, disaster recovery, business resiliency or anything else there seems to be a common thread: the responsibility for them tends to lie in several different (and often uncoordinated) departments. In many cases, the business continuity group reports to the CFO, the Risk Officer, the COO and the IT department. But structure and reporting does not guarantee successful business continuity. With responsibility for business continuity lying in so many places, how do you make it work? This white paper outlines an approach to business continuity that lets you take a group of people with unique and valuable skills and organize them in a collaborative way to create a successful business continuity program. This does not mean that every member of the team is equal to the next. Leadership and accountability are also important parts of a successful business continuity recipe. The approach outlined in this paper is founded on the belief that a business continuity program can only be effective if it s a part of the culture of an organization. Definitions As a starting point let s agree upon some basic concepts: Business continuity is the discipline of assuring that a business has a plan to resume operations in the event of loss of resources (people, facilities, technology, machinery, transportation, critical records or third-party suppliers) resulting in an unacceptable slowdown or loss of business operation. Disaster recovery is the discipline of recovering IT assets and services lost to the business. Crisis management is the process of executing a structured plan to manage the response to an event that affects business continuity or requires a recovery process. Risk management is the discipline of ascertaining and mitigating risks. In most cases this includes a wider definition of risk mitigation than that associated with a business disruption due to a loss of resources. Audit and compliance is the discipline of validating that specific processes are being followed and requirements met. Best Practices

2 One way of looking at the relationship of these groups within an organization is depicted in the following graphic: Business Continuity Disaster Recovery Crisis Management Risk Management Audit and Compliance As illustrated above, disaster recovery and crisis management are disciplines within business continuity management. Risk management overlaps the responsibility of continuity management, and audit and compliance has an overlapping responsibility across all risks areas within the company. An Approach The primary goal of a business continuity program is to coordinate the efforts of your business continuity group, your information technology organization, your audit and compliance and risk management functions, and the business units or departments responsible for developing or executing individual business-continuity, disaster-recovery or crisis-management plans. An architect or a designer starts a project with a vision of what the end-state will be. In business, we follow a process or framework, focusing more on the steps than on the end game. One suggestion would be to take the best of both of these approaches. Whether you re at the beginning of your program, or well into the program and looking for places to improve, following a structured process and having a specific end-state as a goal will significantly improve the outcome. Each of the different groups in your company, like the members of a team, should work together, having both individual assignments and a team goal. The audit and compliance and risk-management functions help identify gaps and direction; the business continuity team creates and coordinates the overall plan; the business units execute their individual recovery solutions; and the IT department oversees the technology. The role of the business continuity group What should a business continuity group be doing to fulfill its role in the program? It should: Establish an overall plan with both long- and short-term goals. This program plan should detail the steps that will be taken to build or expand the program. This should encompass both short-and long-term goals (see page 4). It should also include the required human resources, an estimate of the time commitment needed from those resources, and any budgetary impact. The program plan will be a key component of the justification or business case that may need to be developed to ensure executive support. page 2

3 The role of the business continuity group Establish an overall plan with both long- and short-term goals. Establish communication plans. Define recovery scenarios and severity levels to establish response protocols. Define the measurement and control points of the program. Be consultative to the business. Establish a framework for business units to use in building their own continuity plans. The business continuity group should not take on the writing of continuity or recovery plans for business units, departments or facilities. Instead, they should provide the structure and the framework for such plans, and supporting documentation. Individual plans won t be exactly the same as one another, but there should be similarities in context and framework from one plan to another. The business continuity group should set guidelines for the content and an appropriate level of response based on which resource is lost and the severity of the loss (see Define recovery scenarios and severity levels on page 4). Lastly, it s important for the group to establish that there is continuity in plan development, communication protocols, and test exercise objectives. Establish communication plans. The business continuity group will also draw up and maintain communication plans in line with the organization s crisis management plans (this may require an interface with corporate communications and legal). Some events will have an obvious prescriptive response, while others will rely on specified processes to determine the right responses and assure their timely execution. The business continuity team needs to ensure that the communication plan covers the processes for declaring a disaster, communicating what response plan has been put in motion, providing ongoing communications, and coordinating communication activities. The crisis management plan developed by the crisis management team coordinates the activities between senior and local management and other employees. It also establishes the activities for event lifecycle management (declaration, assessment, response), recovery team coordination and activity prioritization. The plan should have two specific parts: a strategic document describing the interaction between groups, and a tactical set of instructions much like a project plan. Define recovery scenarios and severity levels to establish response protocols. Business continuity planning means being able to call on an alternative resource if your primary resource becomes unavailable. Your plan should cover seven types of resource people, facilities, technology, machinery, transportation, critical records and third-party suppliers taking into consideration the severity of the loss and the expected length of the disruption. As an example, in planning for a flu outbreak you need an alternative resource plan for a people resource shortage. You have to define your critical people resources, determine how long you can operate without their specific service to your company, and develop a plan to cross-train others to do the job of those missing. In doing so you ve defined the parameters of the disruption, who and how many are out, and how long the disruption will last. In other words, you ve identified and delineated the disruption possibility and determined your recovery plan based upon the severity. Defining disruption severities allows you to set expectations of what you will and won t do when a disruption occurs. It helps determine when a disruption is really a disaster and, by nature of the definition, outlines an appropriate action. page 3

4 Define the measurement and control points of the program. Once your business continuity program is underway, it s important to articulate the progress that it s making. While common indicators include the number of mechanical outcomes (completed business impact assessments (BIAs), completed plans, etc.), other measurements could be the amount of risk mitigated, the preparedness of staff at a location, the success of the last exercise, or a self-evaluation by the senior manager in charge of the facility. While these types of measurements are less binary, and certainly more subjective, than the mechanical outcomes, they really help define the risk of not being able to recover from a disruption due to a lack of understanding or lack of preparedness by the relevant people. Be consultative to the business. Only by communicating with and helping the business-continuity user community within your organization (ie, those affected by the program), can you build their awareness and adoption of the program and evolve their maturity within the program. From the six points above we can see that the business continuity group generally has three main responsibilities when it comes to developing or refining the business continuity program: 1) Defining the framework and governance of the program. 2) Validating and measuring the results of the program. Building and maintaining a business continuity program is not a sprint, it s a journey. It requires a change in corporate culture. 3) Being the champions of the program. Four principles of successful business continuity programs As the business continuity group works to carry out these responsibilities, here are some tips for doing so successfully. Establish short- and long-term goals Building and maintaining a business continuity program is not a sprint, it s a journey. It requires a change in corporate culture. Establish your goals on both a short- and longterm scale (six-monthly or one-year increments work in most organizations). Make sure the goals are measurable, attainable, and easily communicated. If you re implementing a new program, good short-term goals include developing the charter and the framework of the program, while good long-term goals might be implementing communication and awareness programs. In an existing business continuity program, a good place to start is identifying the maturity of the program and comparing it to the risk tolerance of the organization. In general, this type of assessment pinpoints gaps that identify measurable changes to the program. Make sure it works There are many publications, instructions, processes and methodologies for implementing a business continuity program. Many of them could have you paying a lot of attention to the activities in the program, yet not producing a result that changes the continuity posture of your organization. Why? One business continuity manager from a large multinational organization spent more than a year working on the company s risk analysis. He first identified an impressive list of risks and potential threats. Next he investigated the historical occurrences of each of the threats, driving towards the root cause of several of the occurrences, and then assigning a probability of occurrence to each threat based on the likelihood of the company experiencing the same type of event again. At the end of the year, a pretty significant document was created. It was rich in facts and details; but it could not draw a specific conclusion or support any of the program recommendations. page 4

5 The problem is analysis paralysis. Gaining a better understanding of events is certainly important; indeed it s best practice. But no matter how much analysis you do, there s really no way to predict most disasters. So you need to match the analytical process with at least as much attention to the results you want to achieve and the actions you must take to achieve them. Here s a simple analogy. If you rely on your car for transportation, a flat tire is a threat to your transportation resource. Analyzing the incidence of flat tires might give you insight into the conditions most likely to cause a flat, but can never actually predict the next one. That s why the most important thing you can do is keep up with the normal maintenance schedule and regularly check to see if the spare is road-worthy. The spare tire mitigates the risk of losing your transportation resource, even though the loss event is not predictable. Methodologies, frameworks and standards all provide a set of guidelines to best practice in building your business continuity program; but a common mistake is focusing on the process and never looking at the results. So make time to take a step back and assess how integral to your company your business continuity program is. If it s not an integral part of the organization s culture and processes it s unlikely to give you the results you expect. Automate if you can Having a tool to automate a repetitive process can save time and money, providing the acquisition and implementation cost of the tool doesn t outweigh the benefit it provides. Many tools are available in the industry but not all add value. Some automate a process that is already automated; others take a methodology and automate that methodology, requiring you to adopt their way of doing things. Tools don t need to be complex in order to be useful. They just need to be able to economically assist you in getting a job done in the way that you want to do it. Tools don t need to be complex in order to be useful. They just need to be able to economically assist you in getting a job done in the way that you want to do it. The question, when selecting a tool, is: what are you expecting it to do? Evaluate what you want the tool to do and what alternative methods there are for achieving those ends, before assessing the features and functions of the tool, the level of customization you require (and how easy it is to customize), and what benefits the tool brings. Don t forget to consider the requirements of crisis management and disaster recovery planning; if a tool doesn t help with these elements of business continuity it s leaving out half the story. An important consideration for any tool set is how well it lets you identify the control and audit points in your program, and understand the level to which each location, department or person (as relevant) has executed that control. For example, say there s a requirement to review the business impact of a potential outage on a biannual basis. The departments that have completed that task are compliant, and those that have not are non-compliant. If this requirement is dictated by a standard framework that your organization is bound by, the exposure that exists because of non-compliance is a measurable risk that is important to understand. If you have many locations or departments covered by this requirement (maybe nationally or even globally), collecting this datum on compliance can be a daunting task unless it s a function of an automated control point in your business continuity management tool. The final question to ask is whether or not the tool lets you easily link to other functions of the business such as risk management, audit and compliance. Without such linkages, it s difficult to truly understand the business impact of business continuity activities over time. page 5

6 Don t confuse installation and implementation Business continuity tools can be complex, especially for larger organizations. Having a tool installed entails setting up the computing platform and configuring the software for access. It doesn t get you close to having a useful and productive tool for your program; for that you need an implementation plan. Success stems from understanding what you need to automate and what compromises you re willing to make with the tool that you select, as well as a realistic understanding of the benefits it can bring to your program. An implementation plan for a tool requires you to understand what you want automated, what you re expecting as a result, and how to work with the tool vendor to roll out these requirements after installation. The implementation process includes configuration, customization, and training for you and the end-user community on the tool s functionality and features. It may also cover requirements for integration with other tools, such as those for risk management or audit and compliance. Some organizations start by buying a tool and building their program around it. Others build their program and then buy a tool to support it. Both approaches have the same likelihood of success or failure. Success stems from understanding what you need to automate and what compromises you re willing to make with the tool that you select, as well as a realistic understanding of the benefits it can bring to your program. In your evaluation of any tool, ask to talk to the customers who are having difficulties implementing the tool, not just the reference customers. Conclusion While many organizations have a culture of separating the responsibilities for functions such as disaster recovery, crisis management, risk management, audit and compliance, and business continuity, there are working management structures, processes and tools that can help you have a coordinated approach to these related functions. In this way you can change the business continuity and recovery posture of your organization for the better. Written by John Linse, Global Competency Data Protection Service for EMC. John is a regular speaker at disaster recovery events, seminars and conferences, including recent presentations at EMC World, HIMMS, and local chapters of ACP. John has published a white paper, Decision in Disaster Recovery and is authoring another on data protection in a cloud architecture. page 6

7 About RSA RSA is the premier provider of security, risk and compliance solutions, helping the world s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, data loss prevention, encryption and tokenization, fraud protection and SIEM with industry leading egrc capabilities and consulting services, RSA brings trust and visibility to millions of user identities, the transactions that they perform and the data that is generated. EMC 2, EMC, RSA and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners EMC Corporation. All rights reserved. Published in the USA. h9013-bccmdr-wp-0811

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their

More information

The RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief

The RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief The RSA Solution for Cloud Security and Compliance A GRC foundation for VMware infrastructure security and compliance Solution Brief The RSA Solution for Cloud Security and Compliance enables end-user

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS BUSINESS BENEFITS Use of the Certified Partner seal and the Secured by RSA brand on product packaging and advertising Exposure in the Secured by RSA

More information

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet

More information

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing

More information

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA RSA, The Security Division of EMC Zamanta Anguiano Sales Manager RSA The Age of the Hyperextended Enterprise BUSINESS ISSUES IMPACT Innovation Collaboration Exploding Information Supply Chain Customer

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

Code Subsidiary Document No. 0007: Business Continuity Management. September 2015

Code Subsidiary Document No. 0007: Business Continuity Management. September 2015 Code Subsidiary Document No. 0007: September 2015 Change History Version Number Date of Issue Reason For Change Change Control Reference Sections Affected 20150511 11 May 2015 For industry consultation

More information

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What

More information

BRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper

BRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper BRIDGE the gaps between IT, cloud service providers, and the business. IT service management for the cloud Business white paper Executive summary Today, with more and more cloud services materializing,

More information

Enterprise Data Supply Chain Management

Enterprise Data Supply Chain Management Enterprise Data Supply Chain Management What You Need to Know July 2015 www.stonebranch.com Abstract Of all the assets a company owns, perhaps the most valuable is its data. This data has its highest meaning

More information

How to measure your business resiliency

How to measure your business resiliency How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

Disaster Recovery Strategy in the Modern Market A PRACTICAL GUIDE FOR BUSINESS. Your Proven Partner in Communications Solutions

Disaster Recovery Strategy in the Modern Market A PRACTICAL GUIDE FOR BUSINESS. Your Proven Partner in Communications Solutions TM Disaster Recovery Strategy in the Modern Market A PRACTICAL GUIDE FOR BUSINESS Your Proven Partner in Communications Solutions Contents What is Disaster Recovery? 1 Components of Disaster a Recovery

More information

Business resilience: The best defense is a good offense

Business resilience: The best defense is a good offense IBM Business Continuity and Resiliency Services January 2009 Business resilience: The best defense is a good offense Develop a best practices strategy using a tiered approach Page 2 Contents 2 Introduction

More information

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business

More information

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................

More information

IBM index reveals key indicators of business continuity exposure and maturity

IBM index reveals key indicators of business continuity exposure and maturity IBM Global Technology Services Business Continuity and Resiliency Services IBM index reveals key indicators of business continuity exposure and maturity Will a more holistic approach to business continuity

More information

The seven essential practices for effective business continuity management

The seven essential practices for effective business continuity management IBM Global Technology Services Thought Leadership White Paper April 2014 The seven essential practices for effective business continuity management Building a business-centric program to help reduce risk

More information

SOLUTION BRIEF IMPROVING CAPACITY PLANNING USING APPLICATION PERFORMANCE MANAGEMENT

SOLUTION BRIEF IMPROVING CAPACITY PLANNING USING APPLICATION PERFORMANCE MANAGEMENT SOLUTION BRIEF IMPROVING CAPACITY PLANNING USING APPLICATION PERFORMANCE MANAGEMENT How can I ensure an exceptional end-user experience for business-critical applications and help reduce risk without over

More information

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with

More information

Click to edit Master title style

Click to edit Master title style EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

GETTING STARTED WITH DISASTER RECOVERY PLANNING

GETTING STARTED WITH DISASTER RECOVERY PLANNING GETTING STARTED WITH DISASTER RECOVERY PLANNING Ten misperceptions, Five best practices EMC PERSPECTIVE Natural and man-made events plus the technology innovations of the 21st century have heightened awareness

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series Whitepaper Advanced Threat Detection: Necessary but Not Sufficient 2 Executive Summary Promotion

More information

Develop an intelligent disaster recovery solution with cloud technologies

Develop an intelligent disaster recovery solution with cloud technologies Develop an intelligent disaster recovery solution with cloud technologies IBM experts share their insight on how cloud technologies can help restore IT operations more quickly, reliably and cost-effectively

More information

Disaster Recovery and Business Continuity What Every Executive Needs to Know

Disaster Recovery and Business Continuity What Every Executive Needs to Know Disaster Recovery and Business Continuity What Every Executive Needs to Know Bruce Campbell & Sandra Evans Contents Why you need DR and BC What constitutes a Disaster? The difference between disaster recovery

More information

THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE

THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE When it comes to building a business continuity management (BCM) program that s complete, current, and compliant, there is no substitute for

More information

How Organizations Are Improving Business Resiliency With Continuous IT Availability

How Organizations Are Improving Business Resiliency With Continuous IT Availability A Custom Technology Adoption Profile Commissioned By EMC Corporation How Organizations Are Improving Business Resiliency With Continuous IT Availability February 2013 Introduction: Business Stakeholders

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance

ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance The Impact of ISO 22301 Moving Your BCM Program to a Management System Implementing the Newly Approved International Business Continuity Management System Standard & Guidance Documents ISO 22301: Societal

More information

White Paper. Incident Management: A CA IT Service Management Process Map

White Paper. Incident Management: A CA IT Service Management Process Map White Paper Incident Management: A CA IT Service Management Process Map Peter Doherty Senior Consultant, Technical Service, CA, Inc. Peter Waterhouse Director, Product Marketing, Business Service Optimization,

More information

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely

More information

RSA SECURITY MANAGEMENT. An Integrated approach to risk, operations and incident management. Solution Brief

RSA SECURITY MANAGEMENT. An Integrated approach to risk, operations and incident management. Solution Brief RSA SECURITY MANAGEMENT An Integrated approach to risk, operations and incident management Solution Brief THE PROBLEM WITH TACTICAL SECURITY MANAGEMENT What are your organization s most pressing IT security

More information

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER TABLE OF CONTENTS EXECUTIVE SUMMARY............................................... 1 BUSINESS CHALLENGE: MANAGING CHANGE.................................

More information

Business Continuity and Disaster Planning

Business Continuity and Disaster Planning WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

More information

SUSTAINING COMPETITIVE DIFFERENTIATION

SUSTAINING COMPETITIVE DIFFERENTIATION SUSTAINING COMPETITIVE DIFFERENTIATION Maintaining a competitive edge in customer experience requires proactive vigilance and the ability to take quick, effective, and unified action E M C P e r s pec

More information

Software License Asset Management (SLAM) Part 1

Software License Asset Management (SLAM) Part 1 LANDesk White Paper Software License Asset Management (SLAM) Part 1 Five Steps to Reduce Software License Costs and Ensure Audit Preparedness Contents A Software Audit Looms in Your Future.... 3 Overbuying

More information

SECURING IDENTITIES IN CONSUMER PORTALS

SECURING IDENTITIES IN CONSUMER PORTALS SECURING IDENTITIES IN CONSUMER PORTALS Solution Brief THE CHALLENGE IN SECURING CONSUMER PORTALS TODAY The Bilateral Pull between Security and User Experience As the world becomes increasingly digital,

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,

More information

Best Practices in Disaster Recovery Planning and Testing

Best Practices in Disaster Recovery Planning and Testing Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

Elements of a Sound Business Continuity Plan and the Role of the Cloud. An NTT Communications White Paper

Elements of a Sound Business Continuity Plan and the Role of the Cloud. An NTT Communications White Paper Elements of a Sound Business Continuity Plan and the Role of the Cloud An NTT Communications White Paper Table of Contents Introduction... 2 Elements of a Business Continuity Plan... 2 Identify Critical

More information

PCI DSS READINESS AND RESPONSE

PCI DSS READINESS AND RESPONSE PCI DSS READINESS AND RESPONSE EMC Consulting Services offers a lifecycle approach to holistic, proactive PCI program management ESSENTIALS Partner with EMC Consulting for your PCI program management and

More information

50x 2020 40 Zettabytes*

50x 2020 40 Zettabytes* IBM Global Technology Services How to integrate cloud-based disaster recovery into your existing business continuity plans Richard Cocchiara: IBM Distinguished Engineer; CTO IBM Business Continuity & Resiliency

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk 2012 The Flynt Group, Inc., All Rights Reserved FlyntGroup.com Enterprise Risk Management and Business

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

Chapter I: Fundamentals of Business Continuity Management

Chapter I: Fundamentals of Business Continuity Management Chapter I: Fundamentals of Business Continuity Management Objectives Define Business Continuity Management (BCM) Define the relationship between BCM and risk management Review BCM responsibilities Identify

More information

Risk & Audit Committee California Public Employees Retirement System

Risk & Audit Committee California Public Employees Retirement System California Public Employees Retirement System Consent Agenda Item 5d ITEM NAME: Enterprise Risk Management Division Status Report PROGRAM: Risk Management ITEM TYPE: Information Consent EXECUTIVE SUMMARY

More information

The case for cloud-based data backup

The case for cloud-based data backup IBM Global Technology Services IBM SmartCloud IBM Managed Backupi The case for cloud-based data backup IBM SmartCloud Managed Backup offers significant improvement over traditional data backup methods

More information

Managing business risk

Managing business risk Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

SIEM 2.0: AN IANS INTERACTIVE PHONE CONFERENCE INTEGRATING FIVE KEY REQUIREMENTS MISSING IN 1ST GEN SOLUTIONS SUMMARY OF FINDINGS

SIEM 2.0: AN IANS INTERACTIVE PHONE CONFERENCE INTEGRATING FIVE KEY REQUIREMENTS MISSING IN 1ST GEN SOLUTIONS SUMMARY OF FINDINGS SIEM 2.0: INTEGRATING FIVE KEY REQUIREMENTS MISSING IN 1ST GEN SOLUTIONS AN IANS INTERACTIVE PHONE CONFERENCE SUMMARY OF FINDINGS OCTOBER 2009 Chris Peterson, LogRhythm CTO, Founder Chris brings a unique

More information

Top 10 Managed Hosting And Hosted Cloud Best Practices

Top 10 Managed Hosting And Hosted Cloud Best Practices A Forrester Consulting June 2014 Thought Leadership Paper Commissioned By AT&T Top 10 Managed Hosting And Hosted Cloud Best Practices Table Of Contents Executive Summary... 1 Minimize Pitfalls In Transitioning

More information

Business Continuity Planning in IT

Business Continuity Planning in IT Introduction: Business Continuity Planning in IT The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions

More information

RSA Archer Training. Governance, Risk and Compliance. Managing enterprise-wide governance, risk and compliance through training and education

RSA Archer Training. Governance, Risk and Compliance. Managing enterprise-wide governance, risk and compliance through training and education RSA Archer Training Governance, Risk and Compliance Managing enterprise-wide governance, risk and compliance through training and education www.emc.com/rsa-training 1 RSA Archer Training Table of Contents

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015 Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015 Business Continuity Policy Statement 2015 This Policy sets the direction for Business Continuity

More information

Solihull Clinical Commissioning Group

Solihull Clinical Commissioning Group Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Insights: Data Protection and the Cloud North America

Insights: Data Protection and the Cloud North America Insights: Data Protection and the Cloud North America Survey Report May 2012 Table of Contents Executive Summary Page 3 Key Findings Page 4 Investment in data protection & DR operations Page 4 Data and

More information

Effective and Efficient SAM execution to manage software Spend and Compliance

Effective and Efficient SAM execution to manage software Spend and Compliance WHITEPAPER March 2014 www.beroeinc.com Effective and Efficient SAM execution to manage software Spend and Compliance Abstract Yes, Software is a critical asset for any type of industries which plays a

More information

Strategies for assessing cloud security

Strategies for assessing cloud security IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary

More information

How to Choose a Cloud Backup Service Provider

How to Choose a Cloud Backup Service Provider How to Choose a Cloud Backup Service Provider List Products Implemented in File- Properties Why Should You Protect Your Data? Sooner or later - by mischief, misfortune or mistake - Odds are you will experience

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

Top 10 Compliance Issues for Implementing Security Programs

Top 10 Compliance Issues for Implementing Security Programs www.dyonyx.com Top 10 Compliance Issues for Implementing Security Programs This White Paper articulates the top ten issues that we have encountered in the design and implementation of comprehensive Security

More information

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

Using Data Mining to Detect Insurance Fraud

Using Data Mining to Detect Insurance Fraud IBM SPSS Modeler Using Data Mining to Detect Insurance Fraud Improve accuracy and minimize loss Highlights: Combine powerful analytical techniques with existing fraud detection and prevention efforts Build

More information

The Emergence of Security Business Intelligence: Risk

The Emergence of Security Business Intelligence: Risk The Emergence of Security Business Intelligence: Risk Management through Deep Analytics & Automation Mike Curtis Vice President of Technology Strategy December, 2011 Introduction As an industry we are

More information

ORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL

ORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL ORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL Time is running out for the traditional, monopolistic IT model now that users have so many alternatives readily available. Today s enterprises

More information

ISO/IEC 27001 Information Security Management. Securing your information assets Product Guide

ISO/IEC 27001 Information Security Management. Securing your information assets Product Guide ISO/IEC 27001 Information Security Management Securing your information assets Product Guide What is ISO/IEC 27001? ISO/IEC 27001 is the international standard for information security management and details

More information

Skelta BPM and High Availability

Skelta BPM and High Availability Skelta BPM and High Availability Introduction Companies are now adopting cloud for hosting their business process management (BPM) tools. BPM on cloud can help control costs, optimize business processes

More information

State of Oregon. State of Oregon 1

State of Oregon. State of Oregon 1 State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information

More information

Transforming IT Processes and Culture to Assure Service Quality and Improve IT Operational Efficiency

Transforming IT Processes and Culture to Assure Service Quality and Improve IT Operational Efficiency EXECUTIVE BRIEF Service Operations Management November 2011 Transforming IT Processes and Culture to Assure Service Quality and Improve IT Operational Efficiency agility made possible David Hayward Sr.

More information

Creating and Testing Your IT Recovery Plan

Creating and Testing Your IT Recovery Plan WHITEPAPER Creating and Testing Your IT Recovery Plan Regular tests of your IT disaster recovery plan can mean the difference between a temporary inconvenience or going out of business. http://www.quorum.net/

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

how can I deliver better services to my customers and grow revenue?

how can I deliver better services to my customers and grow revenue? SOLUTION BRIEF CA Wily Application Performance Management May 2010 how can I deliver better services to my customers and grow revenue? we can With the right solution, you can be certain that you are providing

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

Audit of the Disaster Recovery Plan

Audit of the Disaster Recovery Plan Audit of the Disaster Recovery Plan Report # 11-05 Prepared by Office of Inspector General J. Timothy Beirnes, CPA, Inspector General Kit Robbins, CISA, CISM, CRISC, Lead Information Systems Auditor TABLE

More information

BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS. Disasters happen. Don t wait until it s too late.

BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS. Disasters happen. Don t wait until it s too late. BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS Disasters happen. Don t wait until it s too late. OVERVIEW It s inevitable. At some point, your business will experience data loss. It could

More information

DISASTER RECOVERY PLANNING GUIDE

DISASTER RECOVERY PLANNING GUIDE DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide

More information

IT ASSET MANAGEMENT SELECTED BEST PRACTICES. Sherry Irwin

IT ASSET MANAGEMENT SELECTED BEST PRACTICES. Sherry Irwin IT ASSET MANAGEMENT SELECTED BEST PRACTICES Sherry Irwin IT ASSET MANAGEMENT SELECTED BEST PRACTICES By Sherry Irwin INTRODUCTION As the discipline of IT asset management (ITAM) began to evolve in the

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

Disaster Recovery. Continuity in an Uncertain World

Disaster Recovery. Continuity in an Uncertain World Disaster Recovery Continuity in an Uncertain World The Cloud is confusing well it can be, and that s where CloudU comes in. CloudU is a comprehensive Cloud Computing training and education curriculum developed

More information

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them If your data is important to your business and you cannot afford to have your operations halted for days even weeks due to data loss or

More information

Business Continuity in Healthcare

Business Continuity in Healthcare Business Continuity in Healthcare Cynthia Simeone, CBCP, PMP Director Business Resilience Catholic Health Initiatives Scott Ream President Virtual Corporation 1 Session Speakers Cynthia Simeone, CBCP,

More information

CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT

CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT April 16, 2014 INTRODUCTION Purpose The purpose of the audit is to give assurance that the development of the Metropolitan Council s Continuity

More information

Crossing the DevOps Chasm

Crossing the DevOps Chasm SOLUTION BRIEF Application Delivery Solutions from CA Technologies Crossing the DevOps Chasm Can improved collaboration and automation between Development and IT Operations deliver business value more

More information

PRIVACY OF CONSUMERS' FINANCIAL INFORMATION PART 12 501(b) AND BANK MANAGEMENT

PRIVACY OF CONSUMERS' FINANCIAL INFORMATION PART 12 501(b) AND BANK MANAGEMENT PRIVACY OF CONSUMERS' FINANCIAL INFORMATION PART 12 501(b) AND BANK MANAGEMENT RESOURCES PROVIDED THROUGH APRIL 2001 Slides Narration In the last presentation, you learned about some of the general responsibilities

More information

Business Continuity Planning Instructions

Business Continuity Planning Instructions Business Continuity Planning Instructions Business continuity planning is a proactive planning process that ensures critical services or products are delivered during a disruption. In creating the plan,

More information

Shell s Health, Safety and Environment (HSE) management system (see Figure 11-1) provides the framework for managing all aspects of the development.

Shell s Health, Safety and Environment (HSE) management system (see Figure 11-1) provides the framework for managing all aspects of the development. Section 11.1 APPLICATION FOR APPROVAL OF THE DEVELOPMENT PLAN FOR NIGLINTGAK FIELD PROJECT DESCRIPTION INTRODUCTION 11.1.1 HSE MANAGEMENT SYSTEM Shell s Health, Safety and Environment (HSE) management

More information