By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015"

Transcription

1 Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.

2 Agenda Taking your Business Continuity Program to the Next Level Statistics and Recent Disaster Events Regulatory Guidelines / Latest Updates BCP Contents Other Considerations / Lessons Learned 2

3 Not So Fun Facts A 2012 Survey showed that the Top 4 causes of downtime that year were: Hardware Failure 55% Human Error 22% Software Failure 18% Natural Disasters 4% Don t Let The Door Hit You 40% of business severely compromised by a disaster go out of business within 6 months 90% of businesses that are down for 7 days do not reopen Cost of Not Being Prepared: Of businesses that experience a major loss of data without a plan: 51% close within 2 years 43% never reopen 6% survive long-term 3

4 Increased Scrutiny It is no longer sufficient to point to the Large Book on the shelf 4

5 Recent Events Changes in preparedness and scrutiny by regulators and examiners began after 9/11 & Katrina and continue to increase with each incident. Hurricanes Irene & Sandy Winter 2011 Blizzard The East Coast Earthquake Tornadoes and thunderstorms Boston bombing 5

6 Regulatory Guidelines FFIEC Revised Guidelines on BCP SEC Risk Alert FFIEC Appendix J

7 FFIEC Guidelines 2008 Revision Board and Senior Management Responsibilities Executive Overview of the BCP Process Board of Directors responsibility Business Continuity Planning Process Enterprise-wide approach to planning Business Impact Analysis Define critical functions Impact to business if those functions were interrupted Resources required to support those functions Critical Timeframes to Recover Risk Assessment What threats could possible impact your operations? Where are your vulnerabilities? Risk Management Implementing Controls Developing a sound BCP Implementing a reliable Recovery Strategy Risk Monitoring Testing Maintenance Other Policies, Standards, and Processes Vendor Management Pandemic Planning 7

8 Sample BCP Contents Introduction Executive / Policy Statement Scope/Purpose Assumptions Incident / Scenario Descriptions Command Centers and Contingency Sites Incident Response Risk / Threat Assessment 8

9 Sample BCP Contents Business Impact Analysis BCP Teams Disaster Recovery / Technology Recovery Restoration Awareness and Training Maintenance Testing Pandemic Plan Appendices 9

10 FFIEC Guidelines 2015 Update February 2015: Appendix J: Strengthening the Resilience of Outsourced Technology Services Result of increasing dependency on outsourced technology providers for critical systems and infrastructure Four Specific Areas 10

11 FFIEC Guidelines 2015 Update Third Party Providers More and more processes are outsourced; must consider vendor response and recovery plans Ask for detailed SLAs Widespread regional events have identified issues with suppliers Contingent business interruption loss: A loss that a business suffers as a result of damage to other property that prevents one of the suppliers from providing goods and/or services to the business, or that prevents the business customers from accepting goods and/or services from the business. 11

12 FFIEC Guidelines 2015 Update Area One Third-Party Management addresses a financial institution management s responsibility to control the business continuity risks associated with its TSPs and their subcontractors. 12

13 FFIEC Guidelines 2015 Update How To Prepare Third-Party Management Validate that third party resilience considerations are part of your vendor management program, including due diligence, contract negotiations and ongoing monitoring. Evaluate the use of subcontractors by your TSPs. Ensure TSPs are reviewing their subcontractor s business continuity plans. 13

14 FFIEC Guidelines 2015 Update Area Two Third-Party Capacity addresses the potential impact of a significant disruption on a third-party servicer s ability to restore services to multiple clients. 14

15 FFIEC Guidelines 2015 Update How To Prepare Third-Party Capacity Ensure that your TSPs have adequate planning and testing strategies to support multiple clients in a regional event. Identify a comprehensive set of alternative resources to provide services in the event your TSPs are unable to recover from a wide-scale disruption. 15

16 FFIEC Guidelines 2015 Update Area Three Testing with Third-Party Technology Service Providers addresses the importance of validating business continuity plans with TSPs and considerations for a robust third-party testing program and including third party providers in the client s testing. 16

17 FFIEC Guidelines 2015 Update How To Prepare Testing with Third-Party Technology Service Providers Participate in BCP testing with TSPs, whenever possible. If not possible, review TSPs test results, remediation plans and status reports on their completion. Identify any gaps following testing. Draft a plan to ensure all gaps are addressed. 17

18 FFIEC Guidelines 2015 Update Area Four Cyber Resilience covers aspects of BCP unique to disruptions caused by cyber events 18

19 FFIEC Guidelines 2015 Update How To Prepare Cyber Resilience Ensure that Cyber threats are addressed in the BCP Risk Assessment. Validate that TSPs have an up-to-date incident response plan. Ensure the plan is periodically tested. Research and identify third-party forensic investigators that may be required following a cyber incident. 19

20 Other Considerations / Lessons Learned Executive Oversight FFIEC guidelines require annual signoff on the BCP by Board of Directors Ensuring a sufficient plan is in place Allocating responsibility of the plan Plan must be reviewed and updated at least annually Employee awareness Testing Supporting any actual recovery effort 20

21 Other Considerations / Lessons Learned Enterprise Wide Approach to Planning BCP is no longer an IT driven initiative FFIEC guidelines call for a business driven recovery plan 21

22 Other Considerations / Lessons Learned Scenarios Examiners are looking for responses to a wider range of possible scenarios Considering multiple scenarios while still focusing on worst case How do we avoid the vicious What If cycle? How do you determine worst case? 22

23 Other Considerations / Lessons Learned Incident Response Cross referencing communication and escalation procedures Media/External Communications, including customers Employee meeting areas Incorporating public sector and local authorities as necessary Ongoing communications during an event 23

24 Other Considerations / Lessons Learned Communications Plans Identify methods of communicating to employees, clients, etc. throughout the incident, not just at the onset Develop a procedure for communicating prior to incidents that have warning Ensure the plan adequately identifies who is responsible for what, including internal and external communications 24

25 Other Considerations / Lessons Learned Business Impact Analysis (BIA) Is this business driven? Identifying MAD, RTOs, & RPOs for critical processes and systems Helps determine recovery strategy Do they coincide? Prioritizing processes and resource requirements into more condensed, well defined RTOs MAD= Maximum Allowable Downtime RTOs= Recovery Time Objective RPOs= Recovery Point Objective 25

26 Other Considerations / Lessons Learned Recovery Reality How realistic is your recovery strategy? Have you tested that your recovery strategy supports the business critical RTOs and RPOs? Is your DR site equipped with the appropriate requirements? How often is this reviewed? Are changes to business incorporated? 26

27 Other Considerations / Lessons Learned Alternate Site Selection Geographic Diversity Accessibility Vulnerabilities 27

28 Other Considerations / Lessons Learned Telecommunications Services and Technology Consider multiple providers Considerations for cloud computing Evaluate working from home as an option in such an event Testing of backup/redundant servers UPS and generators for critical systems Elevating technology equipment to avoid flooding damage 28

29 Other Considerations / Lessons Learned Granularity More detailed Action Plans at the department level, especially focusing on the initial phase of incident response 29

30 Other Considerations / Lessons Learned Testing Requirement for more dynamic testing Different types of exercises More frequent tests that are smaller in scope can make testing more manageable Incorporating user community 30

31 Other Considerations / Lessons Learned Awareness & Training How often are employees made aware of plan details? Do employees understand their role in the BCP? 31

32 Other Considerations / Lessons Learned Adequate Business Interruption Insurance Understand the cost of downtime to determine adequate amount of coverage. This should include costs related to the recovery effort as well. Understand the contingencies for being able to collect the insurance are there things you are required to do or not to do in order to collect? Contingent Business Interruption coverage Is this included in your policy? Request Certificates of Insurance from providers and suppliers 32

33 Other Considerations / Lessons Learned Regulatory and Compliance Considerations Incorporate any regulatory changes/updates into the BCP Consider time sensitive regulatory requirements while planning and consider investigating procedures for requesting reporting extensions prior to an incident 33

34 Other Considerations / Lessons Learned Incorporating BCP into every day business Considering how changes to the business affects your BCP is essential to ensuring your BCP stays current and sufficient Personnel changes- growth System/Application changes consider redundancy in budget Vendor/Provider changes Other technology changes New and updated policies and procedures Audit Feedback 34

35 Bringing The BCP To The Next Level Automation Automating the Business Continuity Program has several benefits Access Security Central Repository Distribution of Ownership Streamlined Maintenance Version Control etc. 35

36 Conclusion 36

37 Thank You Tracy Hall, MBCP IT Assurance Manager

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP 2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

Vendor Management. Outsourcing Technology Services

Vendor Management. Outsourcing Technology Services Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring

More information

Appendix J: Strengthening the Resilience of Outsourced Technology Services

Appendix J: Strengthening the Resilience of Outsourced Technology Services Appendix J: Strengthening the Resilience of Outsourced Technology Services Background and Purpose Many financial institutions depend on third-party service providers to perform or support critical operations.

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

2014 NABRICO Conference

2014 NABRICO Conference Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000

More information

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 AGENDA: Emergency Management Business Continuity Planning Q & A MONTH DAY, YEAR TITLE OF THE PRESENTATION 2 CANADIAN RED CROSS Disaster

More information

Business Continuity Planning Preparing Your Organization

Business Continuity Planning Preparing Your Organization Business Continuity Planning Preparing Your Organization Nicholas De Laurentis, CRM, IGP nick.delaurentis.gmkj@statefarm.com 1 Objectives Understand the importance of Business Continuity Planning Know

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy

More information

Disaster Recovery Planning

Disaster Recovery Planning Disaster Recovery Planning NOW or NEVER Disaster Recovery Team Aura Advanced Technologies Aura Advanced Technologies Inc 1301-1121 Sixth Avenue SW Calgary, Alberta T2P 5J4 Phone: 403-269-6123 Fax: 403-269-6169

More information

MHA Consulting. Business Continuity Management 101

MHA Consulting. Business Continuity Management 101 0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Business Continuity Planning for Risk Reduction

Business Continuity Planning for Risk Reduction Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

Creating a Business Continuity Plan for your Health Center

Creating a Business Continuity Plan for your Health Center Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

Some companies never recover from a disaster related loss. A business that cannot operate will lose money, customers, credibility, and good will.

Some companies never recover from a disaster related loss. A business that cannot operate will lose money, customers, credibility, and good will. How Disaster Recovery Planning Can Be Leveraged For Electronic Discovery and Litigation Response Digital Discovery and e-evidence John Connell April 1. 2008 Hurricanes, floods, earthquakes, power outages,

More information

Business Unit CONTINGENCY PLAN

Business Unit CONTINGENCY PLAN Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...

More information

Table of Contents... 1

Table of Contents... 1 ... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

NAVIGATING THROUGH A CATASTROPHIC DISASTER:

NAVIGATING THROUGH A CATASTROPHIC DISASTER: NAVIGATING THROUGH A CATASTROPHIC DISASTER: The five most common mistakes in business continuity planning As we continue to send our thoughts and prayers to the Japanese people, many of us are also reflecting

More information

Business Continuity and Disaster Planning

Business Continuity and Disaster Planning WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

White Paper. Lifecycle Disaster Recovery Costs

White Paper. Lifecycle Disaster Recovery Costs White Paper Lifecycle Disaster Recovery Costs Lifecycle Disaster Recovery Costs Do you really understand the costs to a financial institution for IT Disaster Recovery? Most professionals working in a

More information

Pandemic Planning. Presented by: Ron Wagner, IT Examiner with FDIC & Dana Lavey, Supervision Analyst with NCUA

Pandemic Planning. Presented by: Ron Wagner, IT Examiner with FDIC & Dana Lavey, Supervision Analyst with NCUA Pandemic Planning Presented by: Ron Wagner, IT Examiner with FDIC & Dana Lavey, Supervision Analyst with NCUA Regulator Expectations FDIC and NCUA have similar expectations for pandemic planning Pandemic

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

Business Continuity Template

Business Continuity Template Emergency Management Business Continuity Template The Regional Municipality of Wood Buffalo would like to give credit to the Calgary Emergency Management Agency (CEMA) and the Calgary Chamber of Commerce

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT RESPONSIBILITIES...

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

IT Disaster Recovery and Business Resumption Planning Standards

IT Disaster Recovery and Business Resumption Planning Standards Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:

More information

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Business Continuity Planning

Business Continuity Planning Introduction Business continuity planning (BCP) is an organization s preparation process to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook Table of Contents 1. Introduction to Business Continuity Planning and Disaster

More information

How to Design and Implement a Successful Disaster Recovery Plan

How to Design and Implement a Successful Disaster Recovery Plan How to Design and Implement a Successful Disaster Recovery Plan Feb. 21 ASA Office-Administrative Section is Sponsored by Today s ASAPro Webinar is Brought to You by the How to Ask a Question Questions

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

ASX SETTLEMENT OPERATING RULES Guidance Note 10

ASX SETTLEMENT OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Small Business Continuity Workshop. Region 1- Vermont

Small Business Continuity Workshop. Region 1- Vermont Small Business Continuity Workshop Region 1- Vermont September 10, 2015 Housekeeping Emergency Procedures Restrooms Distractions 2 Workshop Agenda 9:00 AM Introductions & Objectives 9:15 AM Recent Vermont

More information

Regulatory Notice 13-25

Regulatory Notice 13-25 Regulatory Notice 13-25 FINRA, the SEC and CFTC Issue Joint Advisory on Executive Summary Following Hurricane Sandy, which caused widespread damage on the northeast coast of the United States in October

More information

Meeting FFIEC Requirements: Enterprise-Wide Testing of Your. Business Continuity Plan

Meeting FFIEC Requirements: Enterprise-Wide Testing of Your. Business Continuity Plan Meeting FFIEC Requirements: Enterprise-Wide Testing of Your Business Continuity Plan April 25, 2012 Robin Remines, CBCP, AMBCI Certified Business Continuity Professional The OGO Difference Focus on making

More information

A Crisis Response, Information Sharing View of FFIEC Appendix J?

A Crisis Response, Information Sharing View of FFIEC Appendix J? A Crisis Response, Information Sharing View of FFIEC Appendix J? Susan Rogers (MBCP, MBCI) Financial Services Information Sharing and Analysis Center FS-ISAC, Business Resiliency Director srogers@fsisac.us;

More information

D2-02_01 Disaster Recovery in the modern EPU

D2-02_01 Disaster Recovery in the modern EPU CONSEIL INTERNATIONAL DES GRANDS RESEAUX ELECTRIQUES INTERNATIONAL COUNCIL ON LARGE ELECTRIC SYSTEMS http:d2cigre.org STUDY COMMITTEE D2 INFORMATION SYSTEMS AND TELECOMMUNICATION 2015 Colloquium October

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Measuring Continuity Planning Program. Performance

Measuring Continuity Planning Program. Performance Measuring Continuity Planning Program Performance Carl B Jackson Director Crisis Management & Continuity Planning Resource Center (CMCPRC) Measuring Continuity Planning Program Performance Session Agenda

More information

Overview. Emergency Response. Crisis Management

Overview. Emergency Response. Crisis Management Prudential Financial s Preparedness Strategy Overview Emergency Response, Crisis Management, Business Continuation, Technology Disaster Recovery & Health Crisis Preparedness Prudential is committed to

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

More information

MEDIA RELEASE. IOSCO reports on business continuity plans for trading venues and intermediaries

MEDIA RELEASE. IOSCO reports on business continuity plans for trading venues and intermediaries IOSCO/MR/54/2015 Madrid, 22 December 2015 IOSCO reports on business continuity plans for trading venues and intermediaries The Board of the (IOSCO) today published two reports that seek to enhance the

More information

EVALUATING YOUR DISASTER READINESS?

EVALUATING YOUR DISASTER READINESS? EVALUATING YOUR DISASTER READINESS? START WITH YOUR RESPONSE MANAGEMENT VENDOR Business Continuity and Disaster Recovery: Best Practices for Successful Planning What would happen to your organization if

More information

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP Outsourced Third Party Relationship Management/ Vendor Management TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP 1 Risk Management Guidance 2 3 Appendix J: 4 - Key Elements Third Party Management

More information

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile

More information

Business Continuity Planning for Water Utilities: Guidance Document [Project #4319]

Business Continuity Planning for Water Utilities: Guidance Document [Project #4319] Business Continuity Planning for Water Utilities: Guidance Document [Project #4319] ORDER NUMBER: 4319 DATE AVAILABLE: June 2013 PRINCIPAL INVESTIGATORS: Jack Moyer, Rhiannon Kincaid, Kory Wilmot, Kate

More information

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Agenda Key components essential to a FFIEC compliant Business Continuity Plan Recovery Time Objectives & Recovery Point

More information

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN 5 STEPS TO AN EFFECTIVE BUSINESS CONTINUITY PLAN Introduction The Snowpocalypse of 2015 brought one winter storm after another, paralyzing the eastern half of the United States. It knocked out power for

More information

2010 Symantec Disaster Recovery Study. Global Results

2010 Symantec Disaster Recovery Study. Global Results 2010 Symantec Disaster Recovery Study Global Results Methodology Applied Research performed survey 1,700 enterprises worldwide 5,000 employees or more Cross-industry 2 Key Findings Virtualization and Cloud

More information

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

Testimony of. Edward L. Yingling. On Behalf of the AMERICAN BANKERS ASSOCIATION. Before the. Subcommittee on Oversight and Investigations.

Testimony of. Edward L. Yingling. On Behalf of the AMERICAN BANKERS ASSOCIATION. Before the. Subcommittee on Oversight and Investigations. Testimony of Edward L. Yingling On Behalf of the AMERICAN BANKERS ASSOCIATION Before the Subcommittee on Oversight and Investigations Of the Committee on Financial Services United States House of Representatives

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan Introduction This manual documents the business continuity plan for Eastwood Wealth Management, an LPL Financial branch office that conducts business in: equity, fixed income,

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

Building a strong business continuity plan

Building a strong business continuity plan Building a strong business continuity plan Protect your clients and firm with a well-planned business continuity plan A solid business continuity plan (BCP) is about more than simply staying in compliance.

More information

PBSi Business Continuity Planning

PBSi Business Continuity Planning Business Continuity Planning Definition Business Continuity planning is a planning process designed to reduce the risk that disruptive failures or events could seriously harm your business. It is designed

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written

More information

Business Continuity at CME Group

Business Continuity at CME Group 1 Business Continuity at CME Group CME Group is proud of its solid Business Continuity Management program, which is central to helping mitigate potential impacts to our markets and customers. It defines

More information

Ready for Anything BUSINESS CONTINUITY GUIDE FOR BUSINESS OWNERS. Plan to Stay in Business

Ready for Anything BUSINESS CONTINUITY GUIDE FOR BUSINESS OWNERS. Plan to Stay in Business BUSINESS CONTINUITY GUIDE FOR BUSINESS OWNERS Administration, Louisiana Economic Development and participating universities. All opinions, conclusions or recommendations expressed are those of the author(s)

More information

Appendix 3 Disaster Recovery Plan

Appendix 3 Disaster Recovery Plan Appendix 3 Disaster Recovery Plan December 13, 2006 Revision XXQwest Government Services, Inc. 4250 North Fairfax DriveArlington, VA 22203(Delete this page)revision history Revision Number Revision Date

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Continuity of Operations Planning. A step by step guide for business

Continuity of Operations Planning. A step by step guide for business What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures

More information

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Agenda. Creating a Robust Testing Program. Notification Tests. Overview of Testing. Beverly Schulz, CBCP

Agenda. Creating a Robust Testing Program. Notification Tests. Overview of Testing. Beverly Schulz, CBCP Agenda Overview of Testing Notification Tests Tabletop or Walk-through Tests Simulations Technology Outage Tests Third Party Outage Tests Workplace Outage Tests Workforce Outage Tests Reporting Creating

More information

This presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses.

This presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses. 1. An Introduction This presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses. This presentation was prepared by the South Central Economic

More information

a Disaster Recovery Plan

a Disaster Recovery Plan Construction of a Disaster Recovery Plan David Godwin, Sr. Sales Engineer March 18, 2014 Objectives Understand What Disaster Recovery is? Why is Disaster Recovery Needed? Effectively assist customers or

More information

Plan Development Getting from Principles to Paper

Plan Development Getting from Principles to Paper Plan Development Getting from Principles to Paper March 22, 2015 Table of Contents / Agenda Goals of the workshop Overview of relevant standards Industry standards Government regulations Company standards

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy WEST YORKSHIRE FIRE & RESCUE SERVICE Business Continuity Management Strategy Date Issued: 12 November 2012 Review Date: 12 November 2015 Version Control Version Number Date Author Comment 0.1 June 2011

More information

Hanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness

Hanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness Issue Date: August 31, 2006 Audit Report Number 2006-DP-0005 TO: Lisa Schlosser, Chief Information Officer, A FROM: Hanh Do, Director, Information System Audit Division, GAA SUBJECT: Review of HUD s Information

More information

Statement of Guidance

Statement of Guidance Statement of Guidance Business Continuity Management All Licensees 1. Statement of Objectives 1.1. To enhance the resilience of the financial sector and to minimise the potential impact of a major operational

More information

2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP

2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP 2015 CEO & Board University Cybersecurity on the Rise Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf

More information

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com SCADA Business Continuity and Disaster Recovery Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com Business Continuity Planning, a Sound Process A Business Continuity Plan: "A

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

AUSTRACLEAR REGULATIONS Guidance Note 10

AUSTRACLEAR REGULATIONS Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Cybersecurity: What CFO s Need to Know

Cybersecurity: What CFO s Need to Know Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction

More information

Building Economic Resilience to Disasters: Developing a Business Continuity Plan

Building Economic Resilience to Disasters: Developing a Business Continuity Plan Building Economic Resilience to Disasters: Developing a Business Continuity Plan Buffalo Niagara Region February 26, 2014 Gail Moraton, CBCP Business Resiliency Manager Business Resiliency one important

More information

External Supplier Control Requirements BCM

External Supplier Control Requirements BCM External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

Disaster Preparedness & Response

Disaster Preparedness & Response 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B C E INTRODUCTION AND PURPOSE REVIEW ELEMENTS ABBREVIATIONS NCUA REFERENCES EXTERNAL REFERENCES Planning - Ensuring

More information

NIST Cybersecurity Framework & A Tale of Two Criticalities

NIST Cybersecurity Framework & A Tale of Two Criticalities NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented

More information

March 2007 Report No. 07-009. FDIC s Contract Planning and Management for Business Continuity AUDIT REPORT

March 2007 Report No. 07-009. FDIC s Contract Planning and Management for Business Continuity AUDIT REPORT March 2007 Report No. 07-009 FDIC s Contract Planning and Management for Business Continuity AUDIT REPORT Report No. 07-009 March 2007 FDIC s Contract Planning and Management for Business Continuity Results

More information

[Insert Company Logo]

[Insert Company Logo] [Insert Company Logo] Business Continuity and Disaster Recovery Planning (BCDRP) Manual 1 Table of Contents Critical Business Information 4 Business Continuity and Disaster Recover Planning (BCDRP) Personnel

More information

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1 Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4

More information