How To Plan A Crisis Management Program

Size: px
Start display at page:

Download "How To Plan A Crisis Management Program"

Transcription

1 Building a Security Conscious Business Continuity Management (BCM) Program Sam Stahl, CBCP, MBCI EMC Global Professional Services Program Manager stahl_samuel@emc.com ASIS Singapore, 2014

2 Agenda Overview ASIS Security Councils / Security Concerns Definitions Recovery Program Goals Considerations BCM Governance Program Teams Methodologies Recovery & Response Plans Exercises Measurements and Reporting Standard Documentation and Templates Questions to ask Next Steps 2

3 Overview Building a Security Conscious Business Continuity (BCM) Program This presentation illustrates how comprehensive BCM Programs can be developed to include security functions. Includes key elements of the ASIS Crisis Management and Business Continuity Council s annual Crisis Management Workshop which strives to illustrate the importance of security functions and organizations within recovery programs. 3

4 ASIS Councils / Security Concerns Academic and Training Programs Banking and Financial Services Commercial Real Estate Crime and Loss Prevention Crisis Management and Business Continuity Cultural Properties Defense and Intelligence Economic Crime Fire and Life Safety Food Defense and Agriculture Security Gaming and Wagering Protection Global Terrorism and Political Instability Healthcare Security Hospitality, Entertainment and Tourism Security Information Asset Protection and Pre-Employment Screening Information Technology Security Investigations Law Enforcement Liaison Leadership and Management Practices Military Liaison Petrochemical, Chemical, and Extractive Industry Security Pharmaceutical Security Physical Security Retail Loss Prevention School Safety and Security Security Architecture and Engineering Security Services Supply Chain and Transportation Security Utilities Security 4

5 Definitions Recovery Program / Continuity Program / Crisis Management Program Governance Teams vs. Recovery Teams Disaster Recovery Business Continuity Crisis Management vs. Emergency Management vs. Incident Response Emergency Response Organizational Resilience Business Impact Analysis (BIA) Recovery Time Objective (RTO) Recovery Point Objective (RPO) SLAs, DOUs, Contracts & Regulations Hierarchical Criticality Categorizations 5

6 Recovery Program - Goals Recovery Of Critical Functions & Assets & Infrastructure Customers Products, Services, & Communications Sales / Marketing Manufacturing Shipping HR Legal Communications Security Accounting Facilities Helpdesk R&D IT Payroll Outside Resources Products, Services, & Communications 6

7 Recovery & Security Considerations Regulatory Local, State, Federal (Homeland Security, Financial regulations, Import / Export regulations, Etc.) Customer Contracts to perform at certain levels Guaranteed Sole provider Service Level Agreements Enterprise Risk Management Internal Meet BC / DR documented goals RTOs RPOs SLAs Audits Security Awareness Industry Trends Industry Conferences Security Organization s Business Local & Global Politics Disasters News 7

8 BCM Governance 8

9 Governance - Recovery Program Teams High Level Oversight Program Delivery Day to Day Recovery Responsibilities Plan-Build-Maintain Assist the Plan Owners as needed Unique Recovery Teams responsible for the development and implementation of specific recovery plans 9

10 Governance (Cont.) Methodology: ASIS/BSi BCM BSi: British Standards Institute 10

11 Governance (Cont.) Methodology: Disaster Recovery Institute International (DRII) According to the Disaster Recovery Institute International (DRII), a BC Program should contain have the following areas: 1. Program Initiation and Management 2. Risk Evaluation and Control 3. Business Impact analysis 4. Business Continuity Strategies 5. Emergency Response and Operations 6. Business Continuity Plans 7. Awareness and Training Programs 8. Business Continuity Plan exercise, audit and maintenance 9. Crisis Communications 10. Coordination with external agencies 11

12 Governance (Cont.) Recovery Methodology Flow 12

13 Governance (Cont.) Recovery & Response Plans Emergency Response Plans Incident Management Evacuation Plans Shelter in Place Intruder Alert Active Shooter, Etc. Emergency Management Organizational Emergency Management Geographical Business Continuity Business unit / Location Disaster Recovery IT, critical resources Specialized plans for unique areas R&D Manufacturing, Etc. 13

14 This image cannot currently be displayed. This image cannot currently be displayed. Governance (Cont.) Recovery and Response Plans Corporate Emergency Management Team This is usually the team that Declares a Disaster or Authorizes an Emergency Response People & Property Impacts Network & Infrastructure Impacts Business Unit Impacts People Buildings People Data Centers DR CTRs Comms Critical Business Processes People Buildings Technical Buildings Retail Stores Outages/Escalations for: Information Technology Network Services Data Distribution Data Replication Maintain Product and Services Delivery Maintain Billing Process Fund Bank Accounts/Pay Employees Manage Reputation and Brand Impact Manage Internal and External Communications 14

15 Governance: Exercises You need to know that you can REALLY recover! If you don t test, you don t really know if it works Training, conditioning, & improvement Business Continuity exercise the recovery of business functions Business processes usually ranked by importance Emergency response Crisis management Disaster Recovery exercise the recovery of assets All assets, not just IT Information technology, facilities, manufacturing, personnel, etc. Continuous Improvement Find & fix points of failure Operational Risks Identify Accept or mitigate 15

16 Exercises - Who Should Participate Crisis Management Team Response Teams Business Unit Teams Operations Business Technology Other Teams / Agencies / Organizations Participation or due diligence Handicap employees Non-recovery team employees Police: Town, County, State, DOC, other Fire Hospitals Office of Emergency Management Military Regulators FEMA Strategic Vendors Strategic Customers? Post Office School officials Other private companies Other Support Teams, such as Facilities, HR, Finance, Corporate Communications Risk Information Technology Support Teams 16

17 Exercises 1. Define the objectives 2. Select and prepare the participants 3. Promote the exercise 4. Prepare the scenario and scripts 5. Prepare the exercise timeline 6. Prepare audiovisuals and handouts 7. Plan the logistics 8. Participate or Manage the exercise 9. Conduct debriefings 10. Write the evaluation report 11. Update Plans Update the Plans Steps to a Successful Exercise Security Assist 17

18 Example Exercise Tracking Chart Organization / Area Exercised May 2008 West June 2008 National July 2008 East October 2008 Central Customer Operations C S I C I C S I S Distribution & Operations C S I C C S I -- ERM Fraud/Risk Control Operations C C C C Finance C C C S I C S Human Resources C S I -- C S I C S I Information Technology C -- C C Marketing C C C C Physical Security C S -- C S C S All Others C C C S I C Exercise Simulations Bio-terrorism Ö -- Ö Ö Bombing Ö Ö Ö Ö Simulated Injuries Ö Ö Ö Ö Participation Regional / National Crisis Management Team Participation & support teams Business Continuity Teams Total Participation C = Crisis Management Team Participation S = Provided recovery support efforts or participation I = Resources were impacted by the exercise 18

19 Standard Documentation / Templates Governance Model Program Tracking Mechanism Overview and detail Business Impact Analysis Process and Report Risk Analysis Process and Report Strategy Overview - How you will address Responding to a crisis and a recovery (Separate Plans) Managing the crisis and the recovery (Separate Plans) Continuity of Business Functions Recovery of IT and other critical assets and Infrastructure Training Technical and general / cultural awareness Recovery Plan templates One for each type of plan. These should all work together like a well oiled machine Exercises Processes, Scheduling, & Tracking Considerations from contracts, SLAs, and government regulations Glossary 19

20 Recovery and Response Plans - Checklist 1. Who and what are behind the need for a recovery plan? (Customers, the government, industry rules?) 2. What level of risk can the organization handle? 3. Who is the organization s crisis leader? 4. Do you have cross-business crisis management teams? 5. Do they meet periodically? 6. What organizations participate in crisis management? 7. Do they utilize internal and external crisis communications plans? 8. Are all the team members trained? 9. Does your crisis management team maintain an up-to-date listing of all business sites, addresses, primary points of contact, etc.? 10.Do you have a designated crisis management command center? 20

21 Recovery and Response Plans - Checklist 11.Are the crisis management command centers equipped, operationally and routinely tested? 12.Does the organization have written and tested: a. Crisis management plan b. IT / Asset Recovery Plans c. Business Continuity Plans, etc.? 13.Does your organization have a defined and tested emergency notification communications system? 14.How often do they test it? 15.Does the organization have a documented and communicated incident reporting procedure? 16.When do the employees receive crisis management training? 21

22 BCM Program Drivers Pocket Guide 22 Business Continuity Management Program Emergency Response & Management Team Disaster Recovery Business Continuity Business Process Owners

23 Next Steps Ask the questions Research your organizations efforts in: Business Continuity Management Continuity of Operations Resiliency Crisis Management, Etc. Do you homework Strive to get involved 23

24 Questions & Answers Contact Sam Stahl, at Cellular:

25 25

26 BIOGRAPHY Sam Stahl, CBCP, MBCI Mr. Stahl is an experienced Certified Business Continuity Planner and has a Master Degree in Project Management. He has developed a number of Business Continuity and Disaster Recovery methodologies. His experience includes developing, implementing, and testing all phases of industry-accepted Business Continuity methodologies at organizations such as IBM, Dial Corporation, AT&T Wireless, Denver International Airport, the City of Scottsdale (Arizona), Clark County Nevada (Las Vegas), Qwest Communications, Citizens Bank, First American National Bank, American Express, and others. 26

BUILDING A SECURITY CONSCIOUS BUSINESS CONTINUITY MANAGEMENT (BCM) PROGRAM

BUILDING A SECURITY CONSCIOUS BUSINESS CONTINUITY MANAGEMENT (BCM) PROGRAM BUILDING A SECURITY CONSCIOUS BUSINESS CONTINUITY MANAGEMENT (BCM) PROGRAM SAM STAHL, CBCP, MBCI EMC GLOBAL PROFESSIONAL SERVICES PROGRAM MANAGER SSTAHL777@GMAIL.COM ASIS SHANGHAI, 2015 1 AGENDA Overview

More information

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited Business Continuity and Risk Management Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited What does Business Continuity mean? Business Continuity Management- Definition Business Continuity

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Evaluating and Improving Your Business Continuity Plan

Evaluating and Improving Your Business Continuity Plan Evaluating and Improving Your Business Continuity Plan As presented to the Northeast Florida IIA Chapter January 23, 2015 Contact Information Karen Weir, MAC, CISA, CBCP Manager kweir@accretivesolutions.com

More information

2014 NABRICO Conference

2014 NABRICO Conference Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000

More information

Business Continuity for the New Professional. Britt Corra Enterprise BCM Erika Voss Senior BCM

Business Continuity for the New Professional. Britt Corra Enterprise BCM Erika Voss Senior BCM Business Continuity for the New Professional Britt Corra Enterprise BCM Erika Voss Senior BCM New to Business Continuity? Agenda & Experience 3-5 years experience? Seasoned veteran? What is BCM Tool Kit?

More information

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University Competitive Leadership- Twelve Principles For Success Brian Billick Chapter 3 Be Be Prepared The time

More information

EXECUTIVE CRISIS MANAGEMENT TRAINING. Presented by Roseanne Rostron, CBCP Raido Response

EXECUTIVE CRISIS MANAGEMENT TRAINING. Presented by Roseanne Rostron, CBCP Raido Response EXECUTIVE CRISIS MANAGEMENT TRAINING Presented by Roseanne Rostron, CBCP Raido Response 1 Introduction Roseanne Rostron President Raido Response Over 12 years Crisis Management, Business Continuity, Disaster

More information

INFOSEC.MY KNOWLEDGE SHARING SESSION

INFOSEC.MY KNOWLEDGE SHARING SESSION INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have

More information

Loss Control Webcast. Disaster Recovery Planning we re not in Kansas anymore

Loss Control Webcast. Disaster Recovery Planning we re not in Kansas anymore Loss Control Webcast Disaster Recovery Planning we re not in Kansas anymore May 15, 2013 1 The information presented in this material has been developed from sources believed to be reliable. It is presented

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

Business Continuity at CME Group

Business Continuity at CME Group 1 Business Continuity at CME Group CME Group is proud of its solid Business Continuity Management program, which is central to helping mitigate potential impacts to our markets and customers. It defines

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Healthcare Disaster Recovery

Healthcare Disaster Recovery Healthcare Disaster Recovery Long Term and Residential Care: Can you really count on your Supply Chain Partners? Ralph Petti, MBCI, CBCP President, Continuity Dynamics, Inc. Wilmington, DE & Basking Ridge,

More information

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000

More information

Business Continuity Management Systems. Protecting for tomorrow by building resilience today

Business Continuity Management Systems. Protecting for tomorrow by building resilience today Business Continuity Management Systems Protecting for tomorrow by building resilience today Vital statistics 31% 40% of UK businesses have been affected by bad weather related transport problems, power

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

UCF Office of Emergency Management. 2013-2018 Strategic Plan

UCF Office of Emergency Management. 2013-2018 Strategic Plan UCF Office of Emergency Management 2013-2018 Strategic Plan Table of Contents I. Introduction... 2 Purpose... 2 Overview... 3 Mission... 5 Vision... 5 II. Mandates... 6 III. Accomplishments and Challenges...

More information

Beyond Effective Security. The Art and Science of Business Continuity Planning

Beyond Effective Security. The Art and Science of Business Continuity Planning Beyond Effective Security The Art and Science of Business Continuity Planning Fred Young, CIPM, CRM Executive Director Risk Management RE/MAX International Holdings, Inc The Wildlife Experience Business

More information

Business Continuity and Crisis Management

Business Continuity and Crisis Management Business Continuity and Crisis Management Crisis Management, Business Continuity and The Incident Command System Understanding Differences and Putting it all together? by Max Ckonjevic FBCI, CBCP 1 Objectives

More information

Business Continuity and Disaster Recovery Policy

Business Continuity and Disaster Recovery Policy Maine State Government Dept. of Administrative & Financial Services Office of Information Technology (OIT) Business Continuity and Disaster Recovery Policy I. Statement The Office of Information Technology

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

Disaster Recovery Journal Spring World 2014

Disaster Recovery Journal Spring World 2014 Disaster Recovery Journal Spring World 2014 What works: Services and service supply chain business continuity risk management Don Hall, CBCP, Cisco Services Business Continuity Analyst Cisco Systems, Inc.

More information

BUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION

BUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION BUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION EXCERPT FROM THE FOREWORD TO THE 2ND EDITION The events of 9/11 have cast a long shadow over the world and led to a vital reappraisal of Enterprise Risk

More information

Incident Management Team The Eight Step Implementation Model. The 8 Step

Incident Management Team The Eight Step Implementation Model. The 8 Step Incident Management Team The Eight Step Implementation Model The 8 Step 1 Incident Management Team Organization The 8 Step 2 The 8 Step 3 Incident Evaluation Flowchart Incident Management Team Activation

More information

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

BUSINESS CONTINUITY MANAGEMENT SINGAPORE SS540 BCM STANDARDS. LSA Consultants Pte Ltd

BUSINESS CONTINUITY MANAGEMENT SINGAPORE SS540 BCM STANDARDS. LSA Consultants Pte Ltd BUSINESS CONTINUITY MANAGEMENT SINGAPORE SS540 BCM STANDARDS LSA Consultants Pte Ltd BCM SINGAPORE LSA Consultants Who are we? Business Continuity Management (BCM) What is it? Singapore Standard SS540

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

Driving Operational Risk Management Into the Customer/Product Value Chain

Driving Operational Risk Management Into the Customer/Product Value Chain Driving Operational Risk Management Into the Customer/Product Value Chain Eric Staffin, MBCI, CISSP Vice President, Global Head of Product & Infrastructure Risk Management Thomson Reuters, Investment &

More information

Business Continuity in Healthcare

Business Continuity in Healthcare Business Continuity in Healthcare Cynthia Simeone, CBCP, PMP Director Business Resilience Catholic Health Initiatives Scott Ream President Virtual Corporation 1 Session Speakers Cynthia Simeone, CBCP,

More information

Business Continuity and Emergency Preparedness Planning. Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010

Business Continuity and Emergency Preparedness Planning. Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010 Business Continuity and Emergency Preparedness Planning Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010 Overview Define key terms and list essential elements of business continuity

More information

9/3/2009. Information Systems Disaster Recovery. Learning Objectives. Why have a plan? unexpected? APPA-Institute for Facilities Management

9/3/2009. Information Systems Disaster Recovery. Learning Objectives. Why have a plan? unexpected? APPA-Institute for Facilities Management Information Systems Disaster Recovery APPA-Institute for Facilities Management J. Craig Klimczak, D.V.M., M.S. Vice-Chancellor for Technology St. Louis Community College 300 South Broadway St. Louis, MO

More information

a risk- based approach Tom Clark MBCI, CBCP, CHS-III, CBRM

a risk- based approach Tom Clark MBCI, CBCP, CHS-III, CBRM a risk- based approach Tom Clark MBCI, CBCP, CHS-III, CBRM 1 Goal: Explore achieving Crisis Management Consistency and how it relates to the aspects of Business Continuity Management involving people,

More information

Hospital Emergency Operations Plan

Hospital Emergency Operations Plan Hospital Emergency Operations Plan I-1 Emergency Management Plan I PURPOSE The mission of University Hospital of Brooklyn (UHB) is to improve the health of the people of Kings County by providing cost-effective,

More information

Emergency Management Planning Guidelines

Emergency Management Planning Guidelines Last revised Feb. 2015 Festivals & Events Emergency Management Planning Guidelines The City of Burlington has partnered with the Halton Regional Police Service (HRPS) in the development of the Emergency

More information

Boston College. Departmental Business Continuity Planning

Boston College. Departmental Business Continuity Planning Boston College Departmental Business Continuity Planning Spring 2013 1 BUSINESS CONTINUITY PROGRAM GOAL The goal of the Boston College Business Continuity Program is to ensure that all departments and

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

Subject Area 9 Public Relations and Crisis Coordination

Subject Area 9 Public Relations and Crisis Coordination DRII/BCI Professional Practice Narrative: Develop, coordinate, evaluate, and exercise plans to communicate with internal stakeholders (employees, corporate management, etc.) external stakeholders (customers,

More information

Professional Practice Eight - Business Continuity Plan Exercise, Audit, and Maintenance

Professional Practice Eight - Business Continuity Plan Exercise, Audit, and Maintenance Professional Practice Eight - Business Continuity Plan Exercise, Audit, and Maintenance The goal of this professional practice is to establish an exercise, testing, maintenance and audit program. To continue

More information

PSPSOHS606A Develop and implement crisis management processes

PSPSOHS606A Develop and implement crisis management processes PSPSOHS606A Develop and implement crisis management processes Revision Number: 1 PSPSOHS606A Develop and implement crisis management processes Modification History Not applicable. Unit Descriptor Unit

More information

Business Continuity Planning for Water Utilities: Guidance Document [Project #4319]

Business Continuity Planning for Water Utilities: Guidance Document [Project #4319] Business Continuity Planning for Water Utilities: Guidance Document [Project #4319] ORDER NUMBER: 4319 DATE AVAILABLE: June 2013 PRINCIPAL INVESTIGATORS: Jack Moyer, Rhiannon Kincaid, Kory Wilmot, Kate

More information

Recovery Site Evaluation: Finding Viable Alternatives

Recovery Site Evaluation: Finding Viable Alternatives Delivering the business value of IT. Recovery Site Evaluation: Finding Viable Alternatives Michael Croy Director, Business Continuity Solutions, Forsythe Solutions Group Session Agenda - Past to Present:

More information

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1 ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1 June 2007 The ESCB has developed a glossary of major business continuity terms for market

More information

Best-in-Class Crisis Preparation:

Best-in-Class Crisis Preparation: Best-in-Class Crisis Preparation: Maximize Readiness with the Four T s Robert Edson Vice President, Global Sales and Marketing Business Continuity Readiness Overview Business Continuity Management (BCM)

More information

Business Continuity Standards A Primer

Business Continuity Standards A Primer INTELLIGENT NOTIFICATION Alphabet Soup: Making Sense of BC/DR Standards Part 1: Business Continuity Standards A Primer Why all the attention now? One of the hottest topics in BC/DR these days is standards.

More information

Tips and techniques a typical audit programme

Tips and techniques a typical audit programme Auditing Business Continuity Planning Tips and techniques a typical audit programme Karen Wills, Senior Internal Auditor St James s Place Wealth Management February 2014 Contents Background Roles and Responsibilities

More information

Business Continuity. Port environment

Business Continuity. Port environment Business Continuity Port environment DEFINE BUSINESS CONTINUITY WHAT IT IS NOT RECOVERY FOCUS: PEOPLE PROCESSES TECHNOLOGY DELIVERABLES INFRAGARD DEFINITION MANAGEMENT PROCESS DEVELOPING ADVANCE PROCEDURES

More information

Generally Accepted Practices. Business Continuity Practitioners Drafted by: Disaster Recovery Journal And DRI International

Generally Accepted Practices. Business Continuity Practitioners Drafted by: Disaster Recovery Journal And DRI International Generally Accepted Practices For Business Continuity Practitioners Drafted by: Disaster Recovery Journal And DRI International DRI International 1 Generally Accepted Practices I. Preface The Business Continuity

More information

The Business Continuity Maturity Continuum

The Business Continuity Maturity Continuum The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity

More information

Subject Area 1 Project Initiation and Management

Subject Area 1 Project Initiation and Management DRII/BCI Professional Practice Narrative: Establish the need for a Business Continuity Plan (BCP), including obtaining management support and organizing and managing the BCP project to completion. (This

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Business Impact Analysis / Disaster Recovery Strategy C I T Y O F H E N D E R S O N

Business Impact Analysis / Disaster Recovery Strategy C I T Y O F H E N D E R S O N Business Impact Analysis / Disaster Recovery Strategy C I T Y O F H E N D E R S O N BACKGROUND The City of Henderson won a grant from the Department of Homeland Security to perform a Business Impact Analysis

More information

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged

More information

BT Conferencing Business Continuity Management. Planning to stay in business

BT Conferencing Business Continuity Management. Planning to stay in business BT Conferencing Business Continuity Management Planning to stay in business Planning for the unexpected In today s connected world, businesses are increasingly dependent on their communications and networked

More information

Disaster Recovery/Business Continuity

Disaster Recovery/Business Continuity CITY AUDITOR'S OFFICE Disaster Recovery/Business Continuity March 6, 2015 AUDIT REPORT NO. 1511 CITY COUNCIL Mayor W.J. Jim Lane Suzanne Klapp Virginia Korte Kathy Littlefield Vice Mayor Linda Milhaven

More information

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015 Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,

More information

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS Appendix L DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS I. GETTING READY A. Obtain written commitment from top management of support for contingency planning objectives. B. Assemble

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

Agenda. Creating a Robust Testing Program. Notification Tests. Overview of Testing. Beverly Schulz, CBCP

Agenda. Creating a Robust Testing Program. Notification Tests. Overview of Testing. Beverly Schulz, CBCP Agenda Overview of Testing Notification Tests Tabletop or Walk-through Tests Simulations Technology Outage Tests Third Party Outage Tests Workplace Outage Tests Workforce Outage Tests Reporting Creating

More information

Ohio Conference for Payroll Professionals Disaster Recovery

Ohio Conference for Payroll Professionals Disaster Recovery Ohio Conference for Payroll Professionals Disaster Recovery Speaker Bruce E. Phipps CPP 2011 APA Payroll Man of the Year Principal Product Manager US Legislative Analyst ORACLE Corporation bruce.phipps@oracle.com

More information

A GUIDE TO Business Continuity Planning and Disaster Recovery Solutions

A GUIDE TO Business Continuity Planning and Disaster Recovery Solutions A GUIDE TO Business Continuity Planning and Disaster Recovery Solutions Hybrid Hosting Experts Content INTRODUCTION 3 TIPS FOR PROTECTING YOUR BUSINESS 5 HOW MANAGED SERVICES PROVIDERS CAN HELP 6 UNITEDLAYER

More information

Page Administrative Summary...3 Introduction Comprehensive Approach Conclusion

Page Administrative Summary...3 Introduction Comprehensive Approach Conclusion TABLE OF CONTENTS Page Administrative Summary...3 Introduction Comprehensive Approach Conclusion PART 1: PLANNING General Considerations and Planning Guidelines... 4 Policy Group Oversight Committee Extended

More information

Business Continuity Management Software

Business Continuity Management Software Business Continuity Management (BCM) Software 1 Business Continuity Management Software All In One Continuity Management Solution A Single Platform Approach Manage entire lifecycle with comprehensive BC

More information

An Introduction to. Business Continuity Planning

An Introduction to. Business Continuity Planning An Introduction to Business Continuity Planning Company Profile Practical Experience European Head Office Extensive Client Base Established 1998 Expert Consultants Global Network Why BCP? I am often asked

More information

Business Continuity Planning for Schools, Departments & Support Units

Business Continuity Planning for Schools, Departments & Support Units Business Continuity Planning for Schools, Departments & Support Units 1 What is Business Continuity Planning? Examples Planning for an adverse, major or catastrophic event that would cause a disruption

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

Boost BCM Program Maturity: Arm Your Team with the Right Tools. Jason Zimmerman Vice President Operations

Boost BCM Program Maturity: Arm Your Team with the Right Tools. Jason Zimmerman Vice President Operations Boost BCM Program Maturity: Arm Your Team with the Right Tools Jason Zimmerman Vice President Operations Gartner Rates Incident Management Systems Benefit High In their 2014 Hype Cycle Report, Gartner

More information

MHA Consulting. Business Continuity Management 101

MHA Consulting. Business Continuity Management 101 0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

Emergency Response Network in Your Community. Paul Haley Emergency Management Coordinator City of Trenton

Emergency Response Network in Your Community. Paul Haley Emergency Management Coordinator City of Trenton Emergency Response Network in Your Community Paul Haley Emergency Management Coordinator City of Trenton Your Local Emergency Management Support What we are going to cover Objectives Questions anytime

More information

Contents. About Perpetuuiti. Continuity Vault. Continuity Patrol. Ops Central. Questions & Answers. Section 2. Section 3. Section 4.

Contents. About Perpetuuiti. Continuity Vault. Continuity Patrol. Ops Central. Questions & Answers. Section 2. Section 3. Section 4. Contents Section Agenda 1 About Perpetuuiti Section 2 Continuity Vault Section 3 Continuity Patrol Section 4 Ops Central Section 5 Questions & Answers About Perpetuuiti Realising gaps in availability management,

More information

NHS 24 - Business Continuity Strategy

NHS 24 - Business Continuity Strategy NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS

More information

BUSINESS CONTINUITY PLAN OVERVIEW

BUSINESS CONTINUITY PLAN OVERVIEW BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and

More information

Protecting Your Business

Protecting Your Business Protecting Your Business Business Continuity/Disaster Recovery Planning Robert Haberman Senior Product Manager BCP/DRP TELUS BUSINESS SOLUTIONS Business Continuity/Disaster Recovery Planning 1 Agenda:

More information

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP 2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

Table of Contents... 1

Table of Contents... 1 ... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...

More information

Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013

Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Chitra Gopalakrishnan Director KPMG LLP Agenda Introduction Business Continuity / Disaster

More information

PART 2 LOCAL, STATE, AND FEDERAL EMERGENCY RESPONSE SYSTEMS, LAWS, AND AUTHORITIES. Table of Contents

PART 2 LOCAL, STATE, AND FEDERAL EMERGENCY RESPONSE SYSTEMS, LAWS, AND AUTHORITIES. Table of Contents PART 2 LOCAL, STATE, AND FEDERAL EMERGENCY RESPONSE SYSTEMS, LAWS, AND AUTHORITIES (Updates in Yellow Highlight) Table of Contents Authorities: Federal, State, Local... 2-1 UCSF s Emergency ManagemenT

More information

The handouts and presentations attached are copyright and trademark protected and provided for individual use only.

The handouts and presentations attached are copyright and trademark protected and provided for individual use only. The handouts and presentations attached are copyright and trademark protected and provided for individual use only. READINESS RESOURCES American Bar Association -- www.abanet.org Disaster Recovery: www.abanet.org/lpm/lpt/articles/slc02051.html

More information

Plan Development Getting from Principles to Paper

Plan Development Getting from Principles to Paper Plan Development Getting from Principles to Paper March 22, 2015 Table of Contents / Agenda Goals of the workshop Overview of relevant standards Industry standards Government regulations Company standards

More information

Business Continuity Management Planning Methodology

Business Continuity Management Planning Methodology , pp.9-16 http://dx.doi.org/10.14257/ijdrbc.2015.6.02 Business Continuity Management Planning Methodology Dr. Goh Moh Heng, Ph.D., BCCLA, BCCE, CMCE, CCCE, DRCE President, BCM Institute moh_heng@bcm-institute.org

More information

Appendix 3 Disaster Recovery Plan

Appendix 3 Disaster Recovery Plan Appendix 3 Disaster Recovery Plan December 13, 2006 Revision XXQwest Government Services, Inc. 4250 North Fairfax DriveArlington, VA 22203(Delete this page)revision history Revision Number Revision Date

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning Erinn Skiba Emergency Management Specialist Hillsborough County Fire Rescue Office of Emergency Management June 26 th, 2013 Welcome History of BCP with Hillsborough County

More information

UNION COLLEGE INCIDENT RESPONSE PLAN

UNION COLLEGE INCIDENT RESPONSE PLAN UNION COLLEGE INCIDENT RESPONSE PLAN The college is committed to supporting the safety and welfare of all its students, faculty, staff and visitors. It also consists of academic, research and other facilities,

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

Exercising Your Enterprise Cyber Response Crisis Management Capabilities

Exercising Your Enterprise Cyber Response Crisis Management Capabilities Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.

More information

How to measure your business resiliency

How to measure your business resiliency How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com

More information

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet

More information

ABA Homeland Security Law Institute Panel. Two Ounces of Prevention: The SAFETY Act and PS Prep Voluntary Programs to Mitigate Liability

ABA Homeland Security Law Institute Panel. Two Ounces of Prevention: The SAFETY Act and PS Prep Voluntary Programs to Mitigate Liability ABA Homeland Security Law Institute Panel Two Ounces of Prevention: The SAFETY Act and PS Prep Voluntary Programs to Mitigate Liability March 23, 2012 Remarks of Stephen Amitay, Counsel to ASIS International

More information

The ABC s of BCP. Jeremy Sucharski Governance Risk and Compliance G31

The ABC s of BCP. Jeremy Sucharski Governance Risk and Compliance G31 The ABC s of BCP Jeremy Sucharski Governance Risk and Compliance G31 Jeremy Sucharski, CISA, CRISC Over 12 years of experience CISA and CRISC Certifications Governance, Risk and Compliance Practice Leader

More information

Angie M. Santiago President, CPAC Triangle Chapter

Angie M. Santiago President, CPAC Triangle Chapter Public Policy & Regulatory Trends in Business Continuity Management Title IX - A Primer Angie M. Santiago President, CPAC Triangle Chapter 1 Agenda PL 110 53 History Governance structure Major Stakeholders

More information

A BCP Tale: From Theory to Practice

A BCP Tale: From Theory to Practice A BCP Tale: From Theory to Practice Presenter: Gord Novoselnik Problem & Configuration Manager, Enterprise Solutions Division, MTS Allstream Gord.Novoselnik@mtsallstream.com 1 10 Commandments of BCM I.

More information

Meeting FFIEC Requirements: Enterprise-Wide Testing of Your. Business Continuity Plan

Meeting FFIEC Requirements: Enterprise-Wide Testing of Your. Business Continuity Plan Meeting FFIEC Requirements: Enterprise-Wide Testing of Your Business Continuity Plan April 25, 2012 Robin Remines, CBCP, AMBCI Certified Business Continuity Professional The OGO Difference Focus on making

More information

Career Opportunities in the Security Industry

Career Opportunities in the Security Industry Spring Conference 2013 Developing Future Leaders for Tomorrow s Challenges Career Opportunities in the Security Industry Mike Rock Division Director Asset Protection Wal-Mart (773) 380 3764 mike.rock@wal-mart.com

More information