CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM

Size: px
Start display at page:

Download "CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM"

Transcription

1 A WHITE PAPER CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM AUTHORS: Neil A. Smith, MBCP Sandra Riddell, MBCI CSC Papers 2013 ABSTRACT The auditors said our organization needs a Business Continuity Management (BCM) program, so our IT Manager documented a Disaster Recovery Plan (DRP) and performed a DR test. That s all we need... right? A few years ago, a tested DRP was all that was needed to comply with disaster recovery audit requirements. Today, it s a different story. Not only auditors, but BC/DR industry best practices suggest that plans be implemented and tested for Business Continuity, Crisis Management, Emergency Response, as well as Disaster Recovery in order to have a mature enterprise BCM program. The CSC Business Continuity Services (BCS) organization is advocating as a potential service offering, a Maturity Assessment program aligned with comprehensive processes that ensure continual governance and control over the sustainability of the organization against all possible threats which, when unplanned incidents cause a breach, can have a detrimental impact to the financial position and brand integrity of an organization. The BCM program answers the rhetorical questions of, Where are we now in terms of business continuity?, Where are we going?, How will we get there? and finally How do we communicate progress? Improving business continuity maturity across an organization, whilst demonstrating compliance to appropriate standards, e.g., ISO and BS25999, requires a structured roadmap and senior management commitment. The solution combines 30 years of CSC BC/DR practitioner experience across CSC s six industry verticals of 1. Chemical, Energy & Natural Resources 2. Financial Services 3. Technology & Consumer 4. Manufacturing 5. Health Services 6. Public Sector, and the Business Continuity Maturity Model (BCMM ), developed by Virtual Corporation, Inc., - a free open access tool, and the Continuity Management Solution (CMS), licensed by SunGard Availability Services. CMS, which incorporates multiple software modules, BIA Professional, LDRPS (Living Disaster Recovery Planning System) and NotiFind, will support the entire BCP lifecycle. This combination allows for the assessment of an enterprise s multiple locations, by way of an online survey, where LDRPS both presents, hosts and collates responses based on a potential BCMM assessment methodology, along with analyses by Business Continuity specialists providing the enterprise roadmap to a required maturity level.

2 Executives have an inherent business dilemma; Will our BCM program keep my business functional during and following a catastrophic event? Are our planning efforts going to be enough? An organization needs a structured roadmap that garners executive commitment, outlines business continuity principles, process and compliance throughout the enterprise, while projecting timelines to meet BC/DR maturity requirements. It is this roadmap that will assist Executives in defining BCM scope and objectives and to better lead and direct the wider organization in focussing on those objectives. In closing, the authors describe a variety of benefits of CSC s offerings, which include its use as a proven framework to assess Business Continuity capability by identification and customisation of a proper tool to automate the process of measuring maturity. BCM maturity measurements allow Executives to clearly understand their starting point on the road to BCM maturity, and most importantly, establish a clear roadmap and communication facilities for the enterprise organization to meet strategic Business Continuity objectives. 2

3 I. INTRODUCTION Business Continuity Management (BCM) is a management process that identifies potential impacts that threaten an organization and provides a framework for building resilience and the capability for an effective response which safeguards the interests of its key stake holders, reputation, brand and value-creating activities. This means BCM is inclusive of disaster recovery, business recovery, crisis management, incident management, emergency management, contingency planning, notification and escalation plus the old fashioned Plan B. CEOs are quite nervous about Plan B options unless the organization has made the investment and commitment of resources to build a BCM structure that minimizes the impacts and implements the planning for and the response processes to taking action in the event of a disaster. The BCM program now gives the CEO confidence that his organization has implemented proper contingency planning and emergency response processes that minimises potential physical site and data security incidents, financial losses, worker productivity and morale issues, physical asset loss, as well as knowing the organization s key stake holders will support ally recovery and restoration activities needed to ensure continued operation of critical business functions ensuring overall organization survival. But to what extent will your current business continuity program ensure organizational survival? Will it all work together? Figure 1 - CSC s Modular View of Business Sustainability CSC s modular view of Business Sustainability integrates Notification and Escalation, Incident Management, defined and tested Crisis Management Plans, Business Continuity Plans and Disaster Recovery Plans, to document business resumption process and procedures following an interruption. Implementation of one or more sustainability modules will lessen the amount of scrambling around when reacting and responding to a disaster event. Keeping the business functional during a disaster is never easy, but a combination of business continuity, crisis management and disaster recovery planning will move the organization closer to a successful recovery and business restoration. But to what extent will your current business continuity program ensure organizational survival? Will it all work together? Executive leadership in any organization must focus on the ability to react and maintain operations should a catastrophic event adversely affect business functionality. Questions needing 3

4 answers revolve around the uncertainty of Do we have a DRP? How old is it? Has it been tested? Can we survive? To answer Executive Leadership s questions and help determine the maturity of an organization s business continuity program and provide a roadmap for its development and maturity, CSC has developed a Business Continuity (BC) Maturity Assessment Program that leverages the Business Continuity Maturity Model (BCMM ) originally published in BCMM addresses the need of organizations to be able to assess and improve their business continuity program. BCMM creates a mechanism that can: BC maturity assessment benefits organizations by targeting the entire enterprise and defining BC maturity rules that accurately reflect the organization s business continuity needs. 1. Provide a diagnostic tool for objective evaluation of business continuity program effectiveness. 2. Generate consistent data from which meaningful benchmark analyses could be drawn. 3. Answer the following key questions for senior management: a. Where are we now? i. What level of BC program maturity do we currently possess? b. What is the target we are shooting for? i. What level of BC program maturity is our ultimate goal? c. What evolutionary path do we follow to get there? i. How should we progress most effectively to the next Level? e.g., let s crawl, then walk, then run. II. KEY BENEFITS OF A BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM A business continuity maturity assessment service offering within CSC would benefit organizations by targeting the entire enterprise and defining BC maturity rules that accurately reflect the organization s business continuity needs. An effective Business Continuity Program Provides the ability to determine the level of Business Continuity maturity 2. Provides the ability to determine a unique client specific roadmap to meet corporate BC maturity requirements 3. Provides periodic monitoring and internal auditing processes to verify compliance to the set baseline Maturity level 4. Provides clearly allocated roles and responsibilities for each task identified in the program 5. Provides clear, demonstrable evidence of compliance to the maturity program in place and can be used as evidence in the certification process 6. Able to provide enterprise-wide communication of status and progress of BC maturity to management and concerned stakeholders 7. Able to proactively identify the impacts of an operational disruption 8. Has in place an effective response to disruptions which minimizes the impacts on the organization 9. Maintains an ability to manage risks 10. Is able to demonstrate a credible response through a process of exercising/testing 11. Could enhance the organization s reputation and brand. 4

5 III. THE BUSINESS CONTINUITY MATURITY MODEL The Business Continuity Maturity Model (BCMM ), developed by Virtual Corporation, Inc., is a free open access assessment tool which provides a standard approach to measure an organization s BC maturity and direction for creating and maintaining a BC program as a sustainable process. The model focuses on the presence and evolution of the core competencies and skill sets that lead to the development and maintenance of effective process. Competency Maturity Level Figure 3 BCMM Maturity Levels BCMM provides a standardized approach to gauging business continuity maturity and consists of: Six (6) Levels of maturity (from 1 to 6) Program Basics Sr. Mgmt Professional Commitment Support Governance Eight (8) Corporate Competencies All Units Participating Program Development Integrated Planning Cross- Functional Level 1 Self-Governed No No No No No No Level 2 Departmental Marginal Partial No No No No Level 3 Cooperative Partial Yes Partial No No No Level 4 Standards Compliant Yes Yes Yes Yes No No Level 5 Integrated Yes Yes Yes Yes Yes No Level 6 Synergistic Yes Yes Yes Yes Yes Yes Associated Criteria Categories & Descriptors The model focuses on the presence and evolution of the core competencies and skill sets that lead to the development and maintenance of effective process. Six (6) Levels of Maturity (from 1 to 6) Level 1 - Self-Governed: Individual business units and departments are "on their own" to organize, implement, and self-govern their own business continuity efforts. The state-of-preparedness is low across the Enterprise. The organization reacts to disruptive events when they occur. Level 2 Departmental: At least one business unit or corporate function has initiated efforts to establish management awareness of the importance of Business Continuity. A few functions or services have developed and maintain BC plans within one or more of the BC disciplines (see Program Content). At least one internal or external resource has been assigned responsibility to support the business continuity efforts of the participating business units and departments. The state-of-preparedness may be moderate for participants, but remains relatively low across the majority of the company. Management may see the value of a BCM Program but they are unwilling to make it a priority at this time. Level 3 Cooperative: Participating business units and departments have instituted a rudimentary governance program, mandating at least limited compliance to standardized BCM policy, practices, and processes to which they have commonly agreed. (Note: this is not necessarily an Enterprise BCM Policy). A BCM Program Office or Department has been established, which centrally delivers BCM governance and support services to the participating departments and/or business units. Audit findings from these participants are being used to reinforce competitive and strategic advantage for their groups. Interest in leveraging the work already done is being promoted as a business driver for launching a BCM Program. Several business units and departments have achieved a high state-of-preparedness. 5

6 However, as a whole, the Enterprise is at best moderately prepared. Senior management has not committed the Enterprise to a BCM Program Level 4 Standards Compliant: Senior management understands and is committed to the strategic importance of an effective BCM Program. An enforceable, practical BCM Policy and associated standards have been adopted, including methods and tools for addressing all four BC disciplines (see BC Program Content below). A BCM Program Office or Department has been created to govern the program and support all Enterprise participants. Each group has acquired its own and/or utilizes the central BCM professional resources. BCM policy, practices, and processes are being standardized across the Enterprise. A BCM competency baseline was developed and a competency development program is underway. All critical business functions have been identified and continuity plans for their protection have been developed across the Enterprise. Departments conduct unit tests of critical business continuity plan elements. All business continuity plans are updated routinely. Level 5 Integrated: All business units and departments have completed tests on all elements of their business continuity plan including their internal and external dependencies. Plan update methods have proven to be effective. Senior management has participated in crisis management exercises. A multi-year plan has been adopted to continuously "raise the bar" for planning sophistication and Enterprise-wide state-of-preparedness. A communications and training program exists to sustain the high level of business continuity awareness following a structured BCM competency maturity program. Audit reports no longer highlight business continuity shortcomings. Strategic and competitive advantages achieved from the BCM Program are highlighted in periodic internal and external communications. Level 6 Synergistic: Sophisticated business protection strategies are formulated and tested successfully. Cross-functional business continuity capabilities are measured. Change control methods and continuous process improvement keeps this organization at an appropriately high state-of-preparedness even though the business environment continues to change radically and rapidly. Innovative policy, practices, processes, and technologies are piloted and incorporated into the BCM Program Generally maturity models can show the clear business value derived by the organization as it progresses up each level of maturity (e.g., reduced errors, faster delivery, and improved on-time, on-budget performance). Within the BCMM, selfgoverning (Levels 1-2) can work, but without the infrastructure investment it will not be sustainable, and cross-functional recovery strategies will be more difficult to implement. In the model, Levels 1-3 represent organizations that have not yet completed the necessary program basics needed to launch a sustainable enterprise BCM program. Levels 4-6 represent the evolutionary path of the maturing enterprise BCM program. When determining maturity and trying to assess the current Level (1 to 6), there are eight Corporate Competencies which address key behaviours and central disciplines of Business Continuity. 6

7 Eight (8) Corporate Competencies There are eight BCMM Corporate Competencies. The first seven address the key behaviors of the BC program. The eighth Corporate Competency, Program Content, addresses how the organization implements the four central disciplines of business continuity; Incident Management (IM), Security Management, (SM) Technology Recovery (TR) and Business Recovery (BR). Each Corporate Competency categorizes a critical organizational characteristic of an organization s ability to create a sustainable business continuity program. Each corporate competency categorizes a critical organizational characteristic of an organization s ability to create a sustainable business continuity program. Each corporate competency categorizes a critical organizational characteristic of an organization s ability to create a sustainable business continuity program. 1. Leadership The commitment and understanding demonstrated by executive management with regard to the implementation of an appropriately scaled, enterprise-wide business continuity program. As well, the degree to which the business case for implementing sustainable business continuity has been articulated and understood by executive management. 2. Employee Awareness The breadth and depth of business continuity conceptual awareness throughout all staff levels of the organization including consideration for the quality and sustainability of the BC training and awareness program. 3. BC Program Structure The scale and appropriateness of the business continuity program implemented across the Enterprise. The degree to which the BCM Program matches the articulated business case. 4. Program Pervasiveness The level of business continuity coordination between departments, functions, and business units across the Enterprise. The degree to which business continuity considerations have been incorporated in other appropriate business initiatives, programs, and processes. 5. Metrics The development and monitoring of appropriate measures of BCM Program performance. The establishment and tracking of a business continuity competency baseline. 6. Resource Commitment The application of sufficient, properly trained and supported personnel, financial, and other resources to ensure the sustainability of the BCM Program. 7. External Coordination Coordination of business continuity issues and requirements with external community including customers, vendors, government, unions, banks, creditors, insurance carriers, etc., ensuring that critical supply chain partners have adequate BCM Programs of their own in place. 8. BC Program Content The previous seven Corporate Competencies address the key behaviors of the BC program. This eighth Corporate Competency addresses how the organization implements the four central disciplines of business continuity: a. Incident Management (IM) Ensuring that all aspects of emergency response, crisis management, and any other activities involved in command, control, and communications during an organizational crisis and/or disastrous event are appropriately addressed. b. Security Management (SM) Ensuring that physical security, information security, and any other activities associated with protecting the integrity of targeted information and resources are appropriately addressed. 7

8 c. Technology Recovery (TR) Ensuring that critical information systems hardware, software, networks, and applications are adequately recoverable within defined recovery time objectives. d. Business Recovery (BR) Ensuring that critical business functions and resources are adequately recoverable within defined recovery time objectives. Increasing Business Continuity Competency Maturity Maturity Model Levels Athlete Analogy Comparative Model Level 1 Self-Governed Level 2 Departmental Level 3 Cooperative Level 4 Standards Compiant Level 5 Integrated Level 6 Synergistic Able to Crawl Able to Walk Able to Run Fit Runner Competitive Runner Olympic Runner Organization At Risk Competent Performer Best of Breed Corporate Competencies General Attributes of an Organization at Each Maturity Level Leadership VL L M H H H BC Awareness VL L L M H H BC Program Structure VL L L M H H Program Pervasiveness VL L L L M H Metrics VL L M M H H Resource Commitment VL L M H H H External Coordination VL L L M H H BC Program Content Incident Management VL L M H H H Technology Recovery VL L M H H H Business Recovery VL L M H H H Security Management VL L M H H H VL Very Low L Low M Medium H High Figure 4 BCMM Maturity Levels and Corporate Competencies BCMM Levels 1 through 3 represent organizations that have not yet completed the necessary program basics needed to launch a sustainable enterprise BCM program. Levels 4 through 6 represent the evolutionary path of the maturing enterprise BCM program. 8

9 IV. BC MATURITY CHALLENGES Deciphering the BCMM Maturity Levels and Corporate Competencies and applying them to your organization and your Business Continuity Management program creates a significant challenge. How does one collect, collate, document and apply all the verifiable data necessary to measure BCMM? How do you collect the intangible types of BCMM data that reside in the minds of executive leadership within the organization? BCMM data gathering methods may include face-to-face interviews/meetings with executives, business unit management, IT operations management, supply chain management and vendors and facilities and security management. Multiple surveys targeting different organizational entities may be distributed. Current BC/DR documentation reviews may be initiated. The time taken to complete these methods may lengthen the approved timeline of the BCMM measurement process to the point where the time taken gradually degrades the quality and effectiveness of the overall purpose of measuring the organization s maturity level. It is the scope of the organization s BCM that will determine the depth of data gathering to be undertaken Once the data gathering team believe the information is finally available for analysis... What are the next steps in the roadmap? Where is all the data stored and collated? How are the BCMM metrics applied to discern the valuable data versus the extraneous? How does the team report meaningful results to the organization s senior leadership so the program s direction can be determined? Isn t there a centralized, efficient method to gather, collate, analyze, calculate and report the results of BC maturity? Are we confident we can recover from a disaster event based on business continuity maturity? Will BCMM measurement make the organization compliant with industry standards and regulations? V. BCM CORPORATE TOOLS CMS / LDRPS Addressing the BC maturity challenges and finding answers to the questions presented are not easy tasks. The key to managing the vast amount of BCM data is to have a centralized utility, or software tool, to use as a data repository and analytical tool that provide meaningful BC maturity reports for executives to make informed decisions going forward. CSC Business Continuity Services (BCS) has globally implemented the Continuity Management Solution (CMS) integrated software platform, of which the Living Disaster Recovery Planning System (LDRPS), BIA Professional and NotiFind is a part. CMS will support the functionality requirements of BCM with regard to data analysis and effective data management and BC/DR planning. LDRPS is the comprehensive tool that effectively manages the BC/DR planning process and components. The entire CMS platform serves as a potential data repository for BC maturity data gathering to the analysis and reporting within LDRPS as BC maturity measurement is determined. A key feature of how CMS effectively manages the BC data gathering process is its unique ability to build and generate specific end user surveys. This functionality is the basis for proposing data gathering, analysis and reporting as part of this service. 9

10 It s the BC maturity survey that can be distributed and responded to, via the internet, to an enterprise s end users in all facets of the organization. The survey is accessed via a supplied user ID and password. As survey results are submitted, CMS will store the response, analyze the data against the preset criteria defined by CSC s subject matter experts and provide LDRPS reports showing the level(s) of BC maturity within the organization. It s this level of functionality that makes CSC s CMS utility software a valuable tool for advocating and using BCMM as part of a business continuity assessment program. VI. BC MATURITY ASSESSMENT PROGRAM CSC BCS can take the BCMM assessment structure and generate a series of survey questions related to the eight Corporate Competencies where the selected response relates to one of the six Maturity Levels within BCMM. The survey questionnaire can be designed to utilize the survey functionality of CMS-LDRPS and the BCMM -determined questions, formulating a complete online BC maturity assessment tool. The online BC maturity assessment tool would be part of the CSC Business Continuity Maturity Assessment Program. Improving an organization s BCMM maturity and corporate competency levels requires structured planning and commitment from the client s board of directors, senior leadership and a roadmap to achieve the next levels of BCMM maturity. Following the base-lining of results from an online assessment, the next stages leverage the experience and knowledge of CSC s BCS experts providing the clients with a roadmap and schedule to achieve their required level(s) of maturity. Attaining the next level of BCMM maturity will take time based on the requirements of the BCMM model and an organization s progress in achieving their BCM program goals. Depending on management structure, it is the organization s site management, or business unit management, who knows best what the organization is capable of achieving within specific timeframes based upon the scope of BCM and the guidance, support, funding and direction from executive management. To demonstrate current visibility of the BC maturity of client sites, the BC Maturity Assessment Program would include a BCM dashboard. Completing the BCMM Survey online within CMS would allow multiple types of dashboard charts to be generated based on the results of each survey response. The dashboard automatically shows clients visibility to their organization s maturity level and progress towards demonstrable compliance with internal and external audit requirements, and is a catalyst for any industry regulatory compliance and/or business continuity certification standards such as the British standard BS25999 and ISO compliance. On a regular basis, BCS subject matter experts can assess the organization s progress on following the BCMM roadmap and schedule. Based on the new assessment findings, the roadmap and schedule will be updated with progress and any remediation tasks required keeping the roadmap on track. 10

11 VII. RELATIONSHIP OF BCM TO BS25999 STANDARDS Continued operations in the event of a business disruption, due to a major disaster or a minor incident, are a fundamental requirement for any organization. Ensuring operational continuity has led to the development of Business Continuity Management (BCM) as a recognized business discipline, but not until the recent publication of BS has there been an internationally-recognized management framework certification that adds consistency, credibility and viability to an organization s existing BCM programs. BS 25999, currently a British Standard which is the foundation upon which the new ISO international standard and certification is based on BCM program guidelines, is designed to keep your business going during the most challenging and unexpected circumstances. It, in conjunction with BCM, provides a basis for understanding, developing, implementing and managing business continuity within your organization and gives you confidence when dealing with stakeholders both within and outside your organization. BCM, BS25999 and ISO are suitable for any organization, large or small, from any sector. It is particularly relevant if an organization operates in a high risk environment such as the finance, telecommunications, transport, utilities and public sectors, where the ability to continue operating is paramount for both executive management and the organization s stakeholders. A BCM Assessment Program is specifically designed to move an organization from its infancy in BC/DR goals and objectives to a full BCM program that manages all BC/DR activities and measures the maturity of the organization s BCM development at given times of the BCM lifecycle. Most organizations do not have the time, resources or BCM software utility toolsets at their disposal to build and maintain their organization s BCM program while striving to comply with BS25999 industry standards. CSC s BC/DR industry subject matter experts are specifically trained to guide an organization to implement a successful BCM program and move towards BS25999 and ISO standards. CSC s expertise in the use of LDRPS as the utility to manage the BCM program not only replaces the organization s need to provide that time and resources, but also provides the organization with the necessary support and expertise required to get the job done. VIII. SUMMARY This paper has proposed a practical solution to the question How robust is your organization s business continuity management program? It sets out a proven solution to identify a consistent level of understanding/measurement with regard to how effective your continuity management practices are across the organization, in order to establish the building blocks, where applicable, for developing improvement plans in support of the organization s strategic direction for the Business Continuity Program. The solution combines 30 years of CSC BC/DR practitioner experience and CSC s LDRPS comprehensive recovery planning software offering. It is this strategic combination of products, along with analysis by CSC s Business Continuity specialists, regular assessment and dashboard status updates, that form the potential basis for a new Business Continuity Maturity Assessment Program. 11

Business Continuity / Disaster Recovery Context

Business Continuity / Disaster Recovery Context Capability Business Continuity / Disaster Recovery Context What is Business Continuity? The Business Continuity Program Life Cycle Copyright: Virtual Corporation, 1994 2006 Modified U.S. DoD Graphic Normal

More information

Business Continuity Maturity Model

Business Continuity Maturity Model Business Continuity Maturity Model Version 1.4 Last Updated: April 4, 2007 Contact Virtual Corporation for latest revision Prepared by Virtual Corporation, Inc. Village Green Annex 98 Route, Suite 12 Budd

More information

Using the Business Continuity Maturity Model To Gain Executive Approval. June 20, 2006

Using the Business Continuity Maturity Model To Gain Executive Approval. June 20, 2006 Using the Business Continuity Maturity Model To Gain Executive Approval Margaret Langsett, Executive Vice President, Virtual Corporation Manfred Heinzlreiter, CBCP, Managing Partner, BR- i.com June 20,

More information

How Mature Is Your Business Continuity Program? by: Scott Ream Pages: 26-30; January, 2002

How Mature Is Your Business Continuity Program? by: Scott Ream Pages: 26-30; January, 2002 Source: Article Title. How Mature Is Your Business Continuity Program? January, 2002: pp 26-30. Reprinted with permission from Witter Publishing Corp. Content contained on www.contingencyplanning.com.

More information

Business Continuity in Healthcare

Business Continuity in Healthcare Business Continuity in Healthcare Cynthia Simeone, CBCP, PMP Director Business Resilience Catholic Health Initiatives Scott Ream President Virtual Corporation 1 Session Speakers Cynthia Simeone, CBCP,

More information

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Disaster Recovery Journal Spring World 2014

Disaster Recovery Journal Spring World 2014 Disaster Recovery Journal Spring World 2014 What works: Services and service supply chain business continuity risk management Don Hall, CBCP, Cisco Services Business Continuity Analyst Cisco Systems, Inc.

More information

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet

More information

THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE

THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE When it comes to building a business continuity management (BCM) program that s complete, current, and compliant, there is no substitute for

More information

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012 Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

Business Continuity Management Software

Business Continuity Management Software Business Continuity Management (BCM) Software 1 Business Continuity Management Software All In One Continuity Management Solution A Single Platform Approach Manage entire lifecycle with comprehensive BC

More information

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

The Role of Internal Audit In Business Continuity Planning

The Role of Internal Audit In Business Continuity Planning The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information

More information

BS 25999 BUSINESS CONTINUITY MANAGEMENT

BS 25999 BUSINESS CONTINUITY MANAGEMENT BS 25999 BUSINESS CONTINUITY MANAGEMENT AUDIT, CERTIFICATION & training services HOW CAN YOU ENSURE BUSINESS CONTINUITY? BS 25999 AUDITS & CERTIFICATION FROM SGS Most organisations will, at some point,

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012 To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business

More information

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond

More information

Business Continuity Management. Policy Statement and Strategy

Business Continuity Management. Policy Statement and Strategy Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged

More information

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000

More information

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

BT Conferencing Business Continuity Management. Planning to stay in business

BT Conferencing Business Continuity Management. Planning to stay in business BT Conferencing Business Continuity Management Planning to stay in business Planning for the unexpected In today s connected world, businesses are increasingly dependent on their communications and networked

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

Business Continuity and Disaster Recovery Policy

Business Continuity and Disaster Recovery Policy Maine State Government Dept. of Administrative & Financial Services Office of Information Technology (OIT) Business Continuity and Disaster Recovery Policy I. Statement The Office of Information Technology

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Solihull Clinical Commissioning Group

Solihull Clinical Commissioning Group Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience

More information

PRACTICAL APPLICATIONS FOR BUSINESS CONTINUITY MANAGEMENT

PRACTICAL APPLICATIONS FOR BUSINESS CONTINUITY MANAGEMENT Karl D Bryant, MBCP, MBCI, CBCLA, PMP Senior Vice President PRACTICAL APPLICATIONS FOR BUSINESS CONTINUITY MANAGEMENT WWW.CHICAGOLANDRISKFORUM.ORG BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW BUSINESS

More information

Blending Corporate Governance with. Information Security

Blending Corporate Governance with. Information Security Blending Corporate Governance with Information Security WHAT IS CORPORATE GOVERNANCE? Governance has proved an issue since people began to organise themselves for a common purpose. How to ensure the power

More information

The Business Continuity Maturity Continuum

The Business Continuity Maturity Continuum The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining

More information

Course: Information Security Management in e-governance. Day 1. Session 3: Models and Frameworks for Information Security Management

Course: Information Security Management in e-governance. Day 1. Session 3: Models and Frameworks for Information Security Management Course: Information Security Management in e-governance Day 1 Session 3: Models and Frameworks for Information Security Management Agenda Introduction to Enterprise Security framework Overview of security

More information

Internal Audit Department NeighborWorks America. Audit Review of the Business Continuity Plan (BCP) Management and Documentation

Internal Audit Department NeighborWorks America. Audit Review of the Business Continuity Plan (BCP) Management and Documentation Department NeighborWorks America Audit Review of the Business Continuity Plan (BCP) and Documentation Project Number: ADMN.BCP.2013 Audit Review of of BCP Table of Contents Project Completion Letter...

More information

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited Business Continuity and Risk Management Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited What does Business Continuity mean? Business Continuity Management- Definition Business Continuity

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems

Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems 9 April, 2008 2 Presentation content Drivers for Business Continuity Standards and definitions.

More information

INFOSEC.MY KNOWLEDGE SHARING SESSION

INFOSEC.MY KNOWLEDGE SHARING SESSION INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have

More information

Preparing for the Convergence of Risk Management & Business Continuity

Preparing for the Convergence of Risk Management & Business Continuity Preparing for the Convergence of Risk Management & Business Continuity Disaster Recovery Journal Webinar Series September 5, 2012 2012 Strategic BCP, Inc. All rights reserved. strategicbcp.com 1 Today

More information

Exercising Your Enterprise Cyber Response Crisis Management Capabilities

Exercising Your Enterprise Cyber Response Crisis Management Capabilities Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Version 1 approved by SMG December 2013 Business Continuity Policy Version 1 1 of 9 Business Continuity Management Summary description: This document provides the rationale

More information

Global Statement of Business Continuity

Global Statement of Business Continuity Business Continuity Management Version 1.0-2014 Date October 18, 2014 Status Author Business Continuity Management (BCM) Page 1 of 8 Table of Contents 1. Credit Suisse Business Continuity Statement 3 2.

More information

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015 Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015 Business Continuity Policy Statement 2015 This Policy sets the direction for Business Continuity

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

COMMUNIQUE. Information Technology (IT) Governance Guidance

COMMUNIQUE. Information Technology (IT) Governance Guidance COMMUNIQUE 14-COM-002 July 14, 2014 Information Technology (IT) Governance Guidance The Credit Union Prudential Supervisors Association (CUPSA) has established an IT Risk Working Group to focus on IT governance

More information

- SAMPLE CUSTOMIZED REPORT - Business Continuity Program Benchmark Report

- SAMPLE CUSTOMIZED REPORT - Business Continuity Program Benchmark Report - SAMPLE CUSTOMIZED REPORT - Business Continuity Program Benchmark Report Customized & Prepared Exclusively for XXX Company July 16, 2009 Benchmarking. Plan Ahead. Be Ahead. HAVE YOU EVER NEEDED DATA TO

More information

Business Continuity Management Planning Methodology

Business Continuity Management Planning Methodology , pp.9-16 http://dx.doi.org/10.14257/ijdrbc.2015.6.02 Business Continuity Management Planning Methodology Dr. Goh Moh Heng, Ph.D., BCCLA, BCCE, CMCE, CCCE, DRCE President, BCM Institute moh_heng@bcm-institute.org

More information

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author

More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

How to measure your business resiliency

How to measure your business resiliency How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com

More information

Chapter I: Fundamentals of Business Continuity Management

Chapter I: Fundamentals of Business Continuity Management Chapter I: Fundamentals of Business Continuity Management Objectives Define Business Continuity Management (BCM) Define the relationship between BCM and risk management Review BCM responsibilities Identify

More information

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS An overview of how the Shared Assessments Program SIG 2014

More information

Why Use Business Continuity Management Software? Bratislava, Slovak Republic Steve Kokol Vice President of International Sales. www.sungardas.

Why Use Business Continuity Management Software? Bratislava, Slovak Republic Steve Kokol Vice President of International Sales. www.sungardas. Why Use Business Continuity Management Software? Bratislava, Slovak Republic Steve Kokol Vice President of International Sales www.sungardas.com Risk is a business issue, NOT an IT issue! Business Continuity

More information

MHA Consulting. Business Continuity Management 101

MHA Consulting. Business Continuity Management 101 0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends

More information

Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013

Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Chitra Gopalakrishnan Director KPMG LLP Agenda Introduction Business Continuity / Disaster

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

1.0 Policy Statement / Intentions (FOIA - Open)

1.0 Policy Statement / Intentions (FOIA - Open) Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies

More information

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS Title: DRAFT USG Continuity of Operation Plan Policy Policy Number: 2009-Julian Date Topical Security Area: Document Type: Standard Pages: Words: Lines: 5 1,387 182 Issue Date: May-09 Effective Date: Immediately

More information

Driving Operational Risk Management Into the Customer/Product Value Chain

Driving Operational Risk Management Into the Customer/Product Value Chain Driving Operational Risk Management Into the Customer/Product Value Chain Eric Staffin, MBCI, CISSP Vice President, Global Head of Product & Infrastructure Risk Management Thomson Reuters, Investment &

More information

Boost BCM Program Maturity: Arm Your Team with the Right Tools. Jason Zimmerman Vice President Operations

Boost BCM Program Maturity: Arm Your Team with the Right Tools. Jason Zimmerman Vice President Operations Boost BCM Program Maturity: Arm Your Team with the Right Tools Jason Zimmerman Vice President Operations Gartner Rates Incident Management Systems Benefit High In their 2014 Hype Cycle Report, Gartner

More information

Business resilience: The best defense is a good offense

Business resilience: The best defense is a good offense IBM Business Continuity and Resiliency Services January 2009 Business resilience: The best defense is a good offense Develop a best practices strategy using a tiered approach Page 2 Contents 2 Introduction

More information

Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified.

Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified. Asset management Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified. Data is about more than numbers. It tells

More information

How To Manage A Disruption Event

How To Manage A Disruption Event BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational

More information

Emergency Response and Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John

More information

Introduction to Business Continuity Planning

Introduction to Business Continuity Planning Introduction to Business Continuity Planning Business Continuity and Disaster Resilience Forum May 10, 2012 Rizal Ballroom A, Makati Shangri-la Manila, Philippines Dr Goh Moh Heng President BCM Institute

More information

Business Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009

Business Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 Business Continuity Management 101 Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 1 Who is MHA Consulting Who We Are What We Do Leading boutique consulting firm since 1998 Provider of consulting

More information

Business Continuity Management Policy

Business Continuity Management Policy Governance: Business Committee Policy Owner: Chief Superintendent, Corporate Services Department: Corporate Services Policy Number: 002 Version: 3.0 Policy Writer: Business Continuity Co-ordinator Effective

More information

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013 State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council

More information

Bank of Papua New Guinea Prudential Standard BPS251: Business Continuity Management

Bank of Papua New Guinea Prudential Standard BPS251: Business Continuity Management Bank of Papua New Guinea Prudential Standard BPS251: Business Continuity Management Issued under Section 27 of the Banks and Financial Institutions Act 2000 Overview and Key Requirements Business Continuity

More information

White Paper. Lifecycle Disaster Recovery Costs

White Paper. Lifecycle Disaster Recovery Costs White Paper Lifecycle Disaster Recovery Costs Lifecycle Disaster Recovery Costs Do you really understand the costs to a financial institution for IT Disaster Recovery? Most professionals working in a

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

Appendix 3 Disaster Recovery Plan

Appendix 3 Disaster Recovery Plan Appendix 3 Disaster Recovery Plan December 13, 2006 Revision XXQwest Government Services, Inc. 4250 North Fairfax DriveArlington, VA 22203(Delete this page)revision history Revision Number Revision Date

More information

OVERVIEW. With just 10,000 customers in your database, the cost of a data breach averages more than $2 million.

OVERVIEW. With just 10,000 customers in your database, the cost of a data breach averages more than $2 million. Security PLAYBOOK OVERVIEW Today, security threats to retail organizations leave little margin for error. Retailers face increasingly complex security challenges persistent threats that can undermine the

More information

DEPARTMENT FOR TRANSPORT BUSINESS CONTINUITY MANAGEMENT POLICY

DEPARTMENT FOR TRANSPORT BUSINESS CONTINUITY MANAGEMENT POLICY DEPARTMENT FOR TRANSPORT BUSINESS CONTINUITY MANAGEMENT POLICY Introduction 1. This policy is a key part of the Department for Transport s internal control framework and specifically covers the Department

More information

HEALTH AND SOCIAL CARE BOARD POLICY ON BUSINESS CONTINUITY MANAGEMENT

HEALTH AND SOCIAL CARE BOARD POLICY ON BUSINESS CONTINUITY MANAGEMENT HEALTH AND SOCIAL CARE BOARD POLICY ON BUSINESS CONTINUITY MANAGEMENT February 2012 1 Role of the Health and Social Care Board The role of the Health and Social Care Board (the Board) is broadly contained

More information

Statement of Guidance

Statement of Guidance Statement of Guidance Business Continuity Management All Licensees 1. Statement of Objectives 1.1. To enhance the resilience of the financial sector and to minimise the potential impact of a major operational

More information