Business Continuity Management Emerging Trends

Transcription

1 Business Continuity Management Emerging Trends Presentation Title Goes Here Samir Shah CA, CISA, DISA, CIA, CISSP, CFE, ISO LI Associate Director Axis Risk Consulting March 2013

2 Outline 2 1. Business Trend and Emerging Technology Impact on BCM 2. Emerging Technology Benefits for BCM 3. Risk Management, Governance and Assurance Trends 4. Implementation Trends ISO Certified BCMS 5. Implementation Trends Threat Assessment Efficiencies 6. Implementation Trends Integration with ERM Tools 7. Implementation Trends Leveraging public services 8. Implémentation Trends Virtual Desktop Infrastructure 9. Implementation Trends Work from Home - Work from Anywhere 10. Implementation Trends Crisis Management Call Tree

3 Business Trend and Emerging Technology Impact on BCM 3 Rapidly Changing Business Environment The rapid pace of business and technology changes coupled with increasing performance expectations from customers, employees and management apply constant pressure on IT infrastructures and supporting teams to provide around-the-clock availability and minimize planned and unplanned disruptions. Global Operations The shift of IT services to specialized third-party service providers is driving higher expectations of greater utilization and efficiency. There are also new threats and vulnerabilities to business performance, security and continuity arising from growing interdependencies with third-party service providers. Regulatory Scrutiny The disperse storage or processing of data exposes enterprises to potential legal and regulatory risk. It is vital that enterprises secure, under contract, the right to know the ultimate location of its data and defines clear roles, responsibilities and liabilities relative to legal and regulatory requirements. Emerging Technologies Enterprises need to adopt technologies that enable high-availability systems, real-time communications and faster recovery times while minimizing IT cost. Advances in telecommunications, more user-friendly technology, improved data storage solutions, cost-effective virtualized environments, cloud computing, mobile devices and social networks. Source: An ISACA Emerging Technology White Paper December 2012

4 Emerging Technology Benefits for BCM 4 Recovery Time and Data Loss Advances in data storage and replication capabilities Better backup technologies, server virtualization Disaster recovery plans that take advantage of virtualization require less physical resources and administrative personnel New parameters for RTO and RPO Improved Resilience Server virtualization and cloud computing - provides ability to move applications to temporary environments Virtual desktop infrastructure (VDI) enables more distributed work forces and access to critical applications during a disaster. Cloud computing services - DRaaS, BaaS, STaaS and SaaS. Cost Efficiency Virtualization, virtualized server, Cloud Computing - reduce the number of IT assets and administrative personnel, can be used to test DR and BC plans and save money by turning off services after testing is complete Mobile devices may be a cheaper option than providing traditional computer equipment for home use or for temporary use similarly social networks could be leveraged for communication to larger audiences Communications Automated notification systems have replaced manual call-tree processes Offsite storage of plans plans on mobile devices Social networks can be an efficient way to communicate during a disaster Source: An ISACA Emerging Technology White Paper December 2012

5 Risk Management, Governance and Assurance Trends 5 Risk Management The analysis must be updated as business processes, organizations and IT systems change The level of complexity to map applications and services to business processes to facilitate an effective BIA represents a challenge for many enterprises Governance Appropriate Governance Forum, may be the common forum for overall risk for better representation, co-ordination and integration Adequate policies requiring management to implement and maintain a BCM program RACI chart for the key governance and management practices BCM Assurance The primary assurance consideration - Ascertain whether the enterprise has a mature process to assess risk related to changes and properly modify BCM strategies accordingly Standards ISO 22301, ISO 27031, FFIEC Frameworks & Best Practices COBIT, Risk IT, ITIL Source: An ISACA Emerging Technology White Paper December 2012

6 Implementation Trends ISO Certified BCMS 6 Certification Trends Analysis of BS vis-à-vis ISO BS certified Organizations are in the transition path for ISO Some Organizations have stated looking at BCMS certification to integrate in to the existing ISO frameworks Opportunity to also align everything in to Enterprise Risk Management - ISO specifically referred in the standard for Risk / Threat Assessment integration ISO Elements Interested Party Analysis Citizens Customers Distributors Shareholders Investors Owners

7 Implementation Trends ISO Certified BCMS 7 Activities Phase Phases - Plan, Do, Check, Act Plan Understand the organization Expectation of interested parties Scope of Management Systems BCMS and policy Roles, Responsibilities and Authorities BC Objectives Actions to address risk & opportunities Resources, Competence Awareness & Communication Do Operational Planning & Control Business Impact Analysis Risk Assessment BC Strategy Establish & implement BC procedures Exercising and Testing Continuous Improvement life Cycle Check Monitoring, Measurement, Analysis and Evaluation Internal Audit PLAN Management Review DO ACT CHECK Act Treatment of Nonconformities Continual Improvement

8 Implementation Trends Threat Assessment Efficiencies 8 Efficiencies in TA Generic site / facility specific TA Repetitive Threats at process level poses challenges in consistency, maintainability and usability Segregating Threat Assessment in to separate domains specific for site and process brings in effectiveness and efficiency Supplemental Process specific TA

9 Implementation Trends Integration with ERM Tools 9 Integration Advantages Snap shot of Risk including BCM Risk Consolidate business continuity and disaster recovery plans, business processes, impact analyses and recovery procedures to allow efficient governance Test your business continuity and disaster recovery plans to identify process gaps, determine the time it will take to restore business processes and infrastructure, and ensure that all dependencies have been captured. Report crisis situations that occur anywhere in the organization, including natural disasters, workplace violence, product tampering, terrorist attacks, etc. In the event that a crisis occurs, enable rapid contact with emergency responders through phased notification plans designed for specific business units, departments or facilities. Gain an enterprise view of business continuity program through flexible reporting capabilities. Report in real time on plan testing, gap analyses and remediation efforts, and gain a real-time view of current and historical crisis

10 Implementation Trends Leveraging public services 10 Low cost, high availability Minor configuration tweaks during disaster s are seen as life line of the organization communication and restoring it during major IT disaster is always a challenge Increasingly public domain services are leveraged for immediate recovery Additional risk assessment of data confidentiality Temporary Corporate Mail Box

11 Implementation Trends Virtual Desktop Infrastructure 11 Virtual Desktop Infrastructure Practices Virtual Desktop Infrastructure Implementation Virtual desktop infrastructure (VDI) has a positive impact on BCM because it enables more distributed work forces and access to critical applications during a disaster. As long as employees can access the Internet, they will have access to applications configured to be delivered using virtual desktops; this can minimize productivity loss and reputational damage resulting from poor customer support during an outage. Leveraging VDI as part of the BCM strategy can help reduce the cost associated with work area recovery because the efforts to recover physical facilities may be spread over longer periods of time without sacrificing productivity or efficiency.

12 Implementation Trends Work from Home - Work from Anywhere 12 WFH - WFA Traditional Work From Home With penetration of smart phones and smart hand held computing devices, many more options have opened up for Disaster Recovery Strategies All critical processes could be supported during disaster scenarios with the required voice and data capabilities Work from Anywhere Options Work from Anywhere Options

13 Implementation Trends Crisis Management Call Tree 13 ANS Advantages Automated Notification Systems Automated notification systems have replaced manual call-tree processes. These automated systems can be linked to human resource (HR) databases to update employee information efficiently and in a timely manner, thus reducing the risk of using outdated contact information during a critical time. Messages can be distributed using voice, short message service (SMS) or and received using mobile devices.

14 This document has been developed by Axis Risk Consulting ( Axis ) and will remain its property, and as such, the contents may not be disclosed to any third party, nor may any original concept devised by Axis be used commercially. w w w. a x i s i n d i a. c o.i n CONTACT INFORMATION Samir Shah Associate Director Samir.Shah@axisindia.co.in Mumbai Gurgaon Bangalore New York London Sydney Nishuvi, 3 rd Floor 75, Dr Annie Besant Road Worli, Mumbai (22) st Floor, 22-B, Sector 18 - Udyog Vihar, Ph IV, Gurgaon (124) Gr Floor Bldg 2 Salarpuria Softzone Outer Ring Road, Bellandur, Varthur Hobli Bangalore (80) Avenue of the Americas Suite 4100, New York, New York (804) Genpact UK Limited 64 Baker Street London W1U 7GB +44 (207) Darling Park, Tower 2 201, Sussex Street Sydney 2000, Australia +61 (29) Axis Risk Consulting. All rights reserved Axis Risk Consulting. All rights reserved.