Measuring Continuity Planning Program. Performance
|
|
- Horatio Russell
- 8 years ago
- Views:
Transcription
1 Measuring Continuity Planning Program Performance Carl B Jackson Director Crisis Management & Continuity Planning Resource Center (CMCPRC) Measuring Continuity Planning Program Performance Session Agenda How an enterprise-wide BCP program should be structured Business Continuity and Crisis Management Process Overview Two approaches to building metrics processes Utilizing and Enterprise Risk Management Approach Value Driver Based Utilizing the ISO Information Security Management System Standards Based Metrics Program Benefits and Recommendations
2 Enterprise-wide BCP Bus. Process Infrastructure & Approach Business Process Focused Risk Management/Analysis/BIA Continuity and Recovery Strategy ebusiness Uptime Requirements Benchmarking/Peer Analysis Metrics Business Process/Function/Unit Recovery Planning/Execution Teams Time-Critical Processing Resource Requirements Plan Development Plan Exercise Quality Assurance Change Management Business (requirements) Continuity Planning (BCP) Continuous Availability Continuous Operations Disaster Avoidance etechnologies Redundancy & Diversity Known Failover and Recovery Timeframes Crisis Management Planning (CM) Continuous Availability Technology and Communications IT Disaster Recovery Planning (DRP). Global Enterprise Crisis Management & Emergency and Response Team(s) Emergency Response Command Center Planning Awareness Training Communications Coordination Technology Infrastructure Recovery Planning and Execution Teams Strategy Implementation Assistance Plan Development Plan Exercise Quality Assurance Change Management Metrics Development Approach 1 - Base metrics on Enterprise Value Drivers
3 Value Drivers Risk Drivers Strategy Capability (most KPIs here) Implement Best Business Practices Manage Growth Drive Innovation Enterprise Risk Management Framework Risks Strategic Operational Stakeholder Financial Intangible Risk Strategy Assess Appetite Prioritize Treatment Approach BCP /EM Legal Risk Functions Internal Audit ERM Crisis Mgmt Risk Management Process Risk Strategy & Assess Appetite Assess Risk Risk Mgmt IT Security Organization Enterprise Risk Committee CRO or ERM Manager Culture Knowledge Mgmt Metrics Training Communication Tools RiskWeb Early Warning System Assessment and Quantification tools Control Cost Allocation of Capital Capability Functions Process Organization Culture Tools Enterprise- Wide Integration Program Strategy Develop Deploy Continuously Improve Treat Risk Monitor & Report Enterprise-wide Integration Strategic Planning Programs/PMO Processes Functions Risk Attributes Lifecycle Individual Portfolio Qualitative Quantitative Examples of Value Drivers Satisfaction Impact on external customers # of customers impacted Duration of impact People Loss/ access to private employee information Workforce endangerment Access to executive information, systems, etc Financial Cost Increase Revenue loss Intangible Proprietary information Damage to brand
4 If you can't measure it, you don't know it Identify/Monitor Identify/Monitor Enterprise Enterprise Value Value Drivers Drivers Financial Financial Increase Increase sales sales 10% 10% Decrease Decrease expenses expenses 8% 8% Increase Increase customer customer privacy privacy Increase Increase customer customer service service efficiency efficiency Metrics Development Process Define Define Metrics Metrics for for Linked Linked Components Components Financial Financial BIA BIA updated updated annually annually BCP BCP quality quality survey survey demonstrates demonstrates percentage percentage increase increase in in awareness awareness service service survey survey demonstrates demonstrates higher higher levels levels of of approval approval wait wait time time decreased decreased by by 13% 13% Define Define Value Value Driver Driver Linkages Linkages to to Program Program Components Components Financial Financial Business Business Impact Impact Assessment Assessment Process Process (drives (drives down down expenses expenses due due to to increased increased BCP BCP efficiencies) efficiencies) Recovery Recovery strategy strategy deployment deployment (redundant (redundant solutions solutions provide provide additional additional bandwidth) bandwidth) Metrics Development Time Line Phase 1/4 Phase 2/5 Phase 3/6 1. Identification of Value Drivers 2. Map Value Drivers to BCP Process Components 3. Develop Qualitative & Quantitative Metrics for linked components 4. Monitor/Modify Value Drivers 5. Map Value Drivers to BCP Process Components 6. Develop Qualitative & Quantitative Metrics for linked components T I M E
5 Metrics Development Method Identify & Define Value Drivers Executive Management motivation data gathering (customer satisfaction, financial, intangible, etc.) Timely business impact assessments are performed The Continuity Planning infrastructure was developed utilizing a methodological approach Emergency Response Procedures are: - Formalized - Address life safety considerations of both employees and outsiders - Located or posted in conspicuous locations throughout each facility - Operating personnel have received training within the past six months -Emergency Response Procedures are tested periodically (at least semi-annually) -Emergency Response actions are coordinated with Civil Authorities, internal facilities management, etc. -Updated at least semi-annually - Auditable and audited with no resulting significant criticisms Categorize Continuity Program Measurement Components Examples could include BCP Lifecycle Components (BIA, Emergency response Procedures, Crisis Management Teams, Documented Plans, Test Plans, Training, etc.) Continuity Program Measurement Criteria Metrics Development Approach 2 Base metrics on commonly recognized standards and practices (ISO for instance)
6 ISO 17799/27001 Scope ISO (should) is an International Standard that provides: recommendations for Information Security Management (133 control objectives) a common basis for developing organizational security standards and effective security management practices confidence in inter-organization dealings an organization cannot get certified against ISO ISO (shall) is an International Standard that provides management guidelines for implementing and managing the 133 control objectives utililizing a coordinated Information Security Management System (ISMS) approach: When properly implemented the ISMS provides auditable and certifiable proof as to the effectiveness of the ISMS and the 133 control objectives ISO assists us in how we manage information security for auditability and certification Base Standards on ISO27001 BCP Requirements ISO27001 Aspects of the Business Continuity Management Program Business Continuity Management Process Business continuity management processes shall be established to ensure uninterrupted of business activities. Business Continuity and Impact Analysis A comprehensive risk management process shall be applied to business processes Writing and Implementing Continuity Plans Business continuity plans shall ensure maintenance or timely recovery of business activities Business Continuity Planning Framework Business continuity plans shall have a single framework to facilitate the testing and review of plans Establish Testing, maintenance, and assessments for business continuity plans
7 ISO27001 BCP Framework Executive Policy Statement (Info Sec, Phy. Sec., BCP, etc.) Business Continuity Program - Charter Business Continuity Program Enterprise Standards/Processes Metrics BCP Program Framework BCP Policy & Charter Governance Scope Roles & Responsibilities Company Objectives The WHY BCP Standards/Processes Baseline Requirements Enterprise-Wide Synergy Repeatable Processes Consistency/Predictability The WHAT Legislative / Regulatory Compliance Executive Management Direction Enterprise-Wide Due Diligence Competitive Advantage ISO Alignment Predictable/Repeatable Industry Best Practices BCP Specifications Operating Area Established Operating Area Maintained Operating Area Defined Metrics The HOW
8 BUSINESS CONTINUITY SAMPLE METRIC CATEGORIES Objective Threshold Transactions Calls Equipment Required People Required Time to Recover Event Assessment BCP Framework - Gap Analysis Gap Analysis Process Same Process as ISMS Alignment with Standards Operating Area Specifications Operating Area Procedures Gap Remediation Critical and Highs Remediation Plans Gap Acceptance Formal Process & Signoffs Measurement Test Objectives vs. Results
9 Benefits of Metrics Can be used to reduce costs (insurance possibly) Can be used as an advantage in the marketplace Provides a map to where process improvement may be needed Provides oversight insight (audit, compliance) Recommendations Think in terms of how do you as a planner get management attention, buy-in and budget? One way is to develop and be measured against a set of metrics. How do you as a Continuity Planner demonstrate the value-add contributions of the enterprise continuity planning business process? Stay out of the weeds Don t focus on IT recovery only THINK Value-add contribution to the business/mission or Adherence to standards through periodic gap analysis. Focus on defining who the stakeholders are (corporations -shareholders, government-the people) What does the key stakeholder value from this organization? Break the BCP process down so we can make operational, manageable, and measurable decisions. Discuss and present in Executive Management terminology.
Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation
Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus
More informationThe Business Continuity Maturity Continuum
The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity
More informationThe College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012
The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why
More informationBusiness Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009
Business Continuity Management 101 Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 1 Who is MHA Consulting Who We Are What We Do Leading boutique consulting firm since 1998 Provider of consulting
More informationCOMMUNIQUE. Information Technology (IT) Governance Guidance
COMMUNIQUE 14-COM-002 July 14, 2014 Information Technology (IT) Governance Guidance The Credit Union Prudential Supervisors Association (CUPSA) has established an IT Risk Working Group to focus on IT governance
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationRSA ARCHER OPERATIONAL RISK MANAGEMENT
RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume
More informationPlan Development Getting from Principles to Paper
Plan Development Getting from Principles to Paper March 22, 2015 Table of Contents / Agenda Goals of the workshop Overview of relevant standards Industry standards Government regulations Company standards
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationMany components can make up the risk management capability; some of the key elements are discussed below:
Successful Security, Risk and Control Programs from DelCreo, Inc., an Enterprise Risk Management Company DelCreo Enterprise Risk Management Framework Part II Strategic planning is an area that I believe
More informationBusiness Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013
Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Chitra Gopalakrishnan Director KPMG LLP Agenda Introduction Business Continuity / Disaster
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
More informationIT Governance Regulatory. P.K.Patel AGM, MoF
IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation
More informationCertified Information Security Manager (CISM)
Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security
More informationISO 27001:2005 & ISO 9001:2008
ISO 27001:2005 & ISO 9001:2008 September 2011 1 Main Topics SFA ISO Certificates ISO 27000 Series used in the organization ISO 27001:2005 - Benefits for the organization ISO 9001:2008 - Benefits for the
More informationBy: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015
Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,
More informationFlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk
Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk 2012 The Flynt Group, Inc., All Rights Reserved FlyntGroup.com Enterprise Risk Management and Business
More informationBusiness Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting
Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationThe Role of Internal Audit In Business Continuity Planning
The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information
More informationMHA Consulting. Business Continuity Management 101
0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends
More informationPolicy 10.105: Enterprise Risk Management Policy
Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January
More informationEnhancing IT Governance, Risk and Compliance Management (IT GRC)
Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More information2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP
2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.
More informationOverview. Emergency Response. Crisis Management
Prudential Financial s Preparedness Strategy Overview Emergency Response, Crisis Management, Business Continuation, Technology Disaster Recovery & Health Crisis Preparedness Prudential is committed to
More informationOffice of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015
Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...
More informationIRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS
IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and
More informationImproving Financial Performance, Governance and Compliance
Enterprise Risk Management Improving Financial Performance, Governance and Compliance Through A Structured Approach Experis Finance By: Fred E. Lutzeier National ERM Director Fred.Lutzeier@Experis.Com
More informationDRAFT BUSINESS CONTINUITY MANAGEMENT POLICY
DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining
More information> State Street. Corporate Continuity Program. Continuity Organizational Structure. Program Oversight
> State Street An Integrated Approach to Continuity Metrics & Progress Reporting Presented to: Continuity Insights May 2007 Presented by: Chris Glebus Continuity Organizational Structure Executive Management
More informationIl nuovo standard ISO 22301 sulla Business Continuity Scenari ed opportunità
Il nuovo standard ISO 22301 sulla Business Continuity Scenari ed opportunità Massimo Cacciotti Business Services Manager BSI Group Italia Agenda BSI: Introduction 1. Why we need BCM? 2. Benefits of BCM
More informationMeeting FFIEC Requirements: Enterprise-Wide Testing of Your. Business Continuity Plan
Meeting FFIEC Requirements: Enterprise-Wide Testing of Your Business Continuity Plan April 25, 2012 Robin Remines, CBCP, AMBCI Certified Business Continuity Professional The OGO Difference Focus on making
More informationExternal Supplier Control Requirements BCM
External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity
More informationInternational Diploma in Risk Management Syllabus
International Diploma in Risk Management Syllabus Module 1: Principles of Risk and Risk Management The aim of this module is to provide an introduction to the principles and concepts of risk and risk management.
More informationStepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM
Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and
More informationInformation Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer
Information Security Management Systems Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer atsec information security, 2013 ISO/IEC 27001 and related
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationBC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value
BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged
More informationOperational Risk Management - The Next Frontier The Risk Management Association (RMA)
Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first
More informationHow To Transform It Risk Management
The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help
More informationEnterprise Risk Management (ERM): In Action. January 2010. Co-presented by: Michael Yip, Marsh Risk Consulting Norma Essary, DFW International Airport
January 2010 Enterprise Risk Management (ERM): In Action Co-presented by: Michael Yip, Risk Consulting Norma Essary, DFW International Airport www.marsh.com Discussion Topics Enterprise Risk Management
More informationBuilding Competence in Reputation Risk Management
Building Competence in Reputation Risk Management PRSA International Conference 16 October 2012 Linda Locke, Reputare Consulting What keeps you up at night? 2 What keeps your board up at night? Reputational
More informationRisk Assessment & Enterprise Risk Management
Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less
More informationManaging Risk at Bank of America Corporation. Overview
Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,
More informationCorporate Challenges in Model Risk Management : Moving Beyond Model Inventory. Iain Wright Ian Francis, IBM 4 June 2015
Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory Iain Wright Ian Francis, IBM 4 June 2015 Corporate Challenges in the Development and Implementation of Effective Model Risk
More informationIFMA Facility Management Learning System - Table of Contents
Competency: Communication Chapter 1: Communication Fundamentals o Topic 1: The Nature of Communication o Topic 2: Effective and Efficient Communication o Topic 3: Cross-Cultural Communication o Topic 4:
More informationFeature. Developing an Information Security and Risk Management Strategy
Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide
More informationHow to measure your business resiliency
How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com
More informationInformation Security. Incident Management Program. What is an Incident Management Program? Why is it needed?
Information Security Incident Management Program What is an Incident Management Program? It is a coordinated program of people, processes, tools and technology, which prevents and manages information security
More informationAssessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC
Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk
More informationWhite Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview
White Paper: ISO 22301 Business Continuity Management An Overview ISO 22301 Business Continuity Management An Overview Introduction As incidents such as malicious activism, terrorist attacks and environmental
More informationEnterprise-Wide Risk Assessment
Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,
More informationIT Governance. What is it and how to audit it. 21 April 2009
What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures
More informationAGILE. Project OPM3 Portugal. 2014 PM4S. All Rights Reserved. Lisbon, Portugal
AGILE Project OPM3 Portugal 2014 PM4S. All Rights Reserved. Lisbon, Portugal OPM3 Maturity Model OPM3 Knowledge Assessment Improvement Projects Programs Portfolios Organizational Enablers Measures processes
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationSan Francisco International Airport Enterprise Risk Management
San Francisco International Airport Enterprise Risk Management Mike Warren Airport Risk Manager WHAT IS ENTERPRISE RISK MANAGEMENT (ERM) It is a comprehensive program that focuses on a continuous and sustainable
More informationIT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October 2 2008
IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October 2 2008 Jan Duffy, Research Director Industry Insights Agenda About IDC Insights Today s organizational complexities
More informationCSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM
A WHITE PAPER CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM AUTHORS: Neil A. Smith, MBCP nsmith24@csc.com Sandra Riddell, MBCI sriddel4@csc.com CSC Papers 2013 ABSTRACT The auditors said
More informationBusiness Continuity Planning. Description and Framework. White Paper. Preface. Contents
Comprehensive Consulting Solutions, Inc. Business Savvy. IT Smart. Business Continuity Planning White Paper Published: April 2001 (with revisions) Business Continuity Planning Description and Framework
More informationUsing the Business Continuity Maturity Model To Gain Executive Approval. June 20, 2006
Using the Business Continuity Maturity Model To Gain Executive Approval Margaret Langsett, Executive Vice President, Virtual Corporation Manfred Heinzlreiter, CBCP, Managing Partner, BR- i.com June 20,
More informationIT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014
IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationBusiness Continuity and Disaster Recovery Policy
Maine State Government Dept. of Administrative & Financial Services Office of Information Technology (OIT) Business Continuity and Disaster Recovery Policy I. Statement The Office of Information Technology
More informationMetro Business Continuity and Disaster Recovery Plan Response to vendor questions RFP10-1629
April 14, 2010 Q1. How does Metro define its plan? What type of plan does Metro want to create? Should it focus on the facility, process, and/or department? Is it intended for use during incident management
More informationBusiness Continuity / Disaster Recovery Context
Capability Business Continuity / Disaster Recovery Context What is Business Continuity? The Business Continuity Program Life Cycle Copyright: Virtual Corporation, 1994 2006 Modified U.S. DoD Graphic Normal
More informationPRACTICAL APPLICATIONS FOR BUSINESS CONTINUITY MANAGEMENT
Karl D Bryant, MBCP, MBCI, CBCLA, PMP Senior Vice President PRACTICAL APPLICATIONS FOR BUSINESS CONTINUITY MANAGEMENT WWW.CHICAGOLANDRISKFORUM.ORG BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW BUSINESS
More informationBridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
More informationMatthew E. Breecher Breecher & Company PC November 12, 2008
Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:
More informationA BCP Tale: From Theory to Practice
A BCP Tale: From Theory to Practice Presenter: Gord Novoselnik Problem & Configuration Manager, Enterprise Solutions Division, MTS Allstream Gord.Novoselnik@mtsallstream.com 1 10 Commandments of BCM I.
More informationAccreditation Application Forms
The Institute of Risk Management The Institute of Risk Management Accreditation Application Forms Universities and Professional Associations The Institute of Risk Management Accreditation Application Forms
More informationTHE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT
THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT Let me begin by thanking Baruch College for giving me the opportunity to present this year s prestigious Emanuel Saxe Lecture in Accounting.
More informationSubject Area 1 Project Initiation and Management
DRII/BCI Professional Practice Narrative: Establish the need for a Business Continuity Plan (BCP), including obtaining management support and organizing and managing the BCP project to completion. (This
More informationwww.pwc.com Developing a robust cyber security governance framework 16 April 2015
www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October
More informationAligning Compliance Program Priorities with Business Objectives
Aligning Compliance Program Priorities with Business Objectives By Jay G. Martin Vice President, Chief Compliance Officer and Senior Deputy General Counsel Baker Hughes Incorporated CAIL Institute for
More informationApplying Integrated Risk Management Scenarios for Improving Enterprise Governance
Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used
More informationThe CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II).
Page 1 of 7 The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II). Domain I provides a solid foundation for the governance of
More informationBig Data Analytics; The value of the right action. April 1 st, 2014 Edwin Steenvoorden VP Business Analytics & Information Strategy
Big Data Analytics; The value of the right action April 1 st, 2014 VP Business Analytics & Information Strategy Better intelligence, smarter decisions Introduction Better intelligence, smarter decisions
More informationPortfolio Management Professional (PfMP)SM. Examination Content Outline
Portfolio Management Professional (PfMP)SM Examination Content Outline Project Management Institute Portfolio Management Professional (PfMP) SM Examination Content Outline Published by: Project Management
More informationIntroduction to Business Continuity Planning
Introduction to Business Continuity Planning Business Continuity Management Ensure continuity and survival of our organization in the event of an emergency event: Essential elements: Risk identification
More informationBusiness Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com
Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?
More informationBusiness resilience: The best defense is a good offense
IBM Business Continuity and Resiliency Services January 2009 Business resilience: The best defense is a good offense Develop a best practices strategy using a tiered approach Page 2 Contents 2 Introduction
More informationControl Design & Implementation Week #5 CRISC Exam Prep ~ Domain #4. Bill Pankey Tunitas Group. Job Practice
1 Week #5 CRISC Exam Prep ~ Domain #4 Bill Pankey Tunitas Group CRISC Control Design Domain Job Practice 4.1 Interview process owners and review process design documentation to gain an understanding of
More informationTransforming risk management into a competitive advantage kpmg.com
INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.
More informationBeyond risk identification Evolving provider ERM programs
Beyond risk identification Evolving provider ERM programs March 2016 At a glance PwC conducted research to assess the state of enterprise risk management (ERM) within healthcare providers and found many
More informationBusiness Continuity Management
Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers
More informationITIL v3 Service Manager Bridge
ITIL v3 Service Manager Bridge Course Length: 5 Days Course Overview This 5 day hands on, certification training program enables ITIL Version 2 certified Service Managers to upgrade their Service Manager
More informationSTANDARD. Risk Assessment. Supply Chain Risk Management: A Compilation of Best Practices
A S I S I N T E R N A T I O N A L Supply Chain Risk Management: Risk Assessment A Compilation of Best Practices ANSI/ASIS/RIMS SCRM.1-2014 RA.1-2015 STANDARD The worldwide leader in security standards
More informationManaging the Shadow Cloud
Managing the Shadow Cloud Integrating cloud governance into your existing compliance program August 2014 Shadow IT is not a new concept and organizations are well aware of the risks associated with unauthorized
More informationBirmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy
Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author
More informationBCM and DRP - RFP Template
BCM and DRP - The Supreme Council of Information & Communication Technology ictqatar PUBLICATION DATE Document Reference This document should be used as an example of the contents of an RFP for business
More informationDatacenter Migration Think, Plan, Execute
Datacenter Migration Think, Plan, Execute Datacenter migration is often regarded as a purely technical, almost trivial side-project, to be delivered by existing IT staff alongside their day jobs. With
More informationEnabling Compliance Requirements using ISMS Framework (ISO27001)
Enabling Compliance Requirements using ISMS Framework (ISO27001) Shankar Subramaniyan Manager (GRC) Wipro Consulting Services Shankar.subramaniyan@wipro.com 10/21/09 1 Key Objectives Overview on ISO27001
More informationMarch 12th, 2009 Chapter Meeting - HIPAA, SOX, PCI, GLBA Presented by LogiSolve
March 12th, 2009 Chapter Meeting - HIPAA, SOX, PCI, GLBA Presented by LogiSolve HIPAA, SOX, PCI, GLBA...In today's corporate environment, businesses are facing increasing regulation affecting the corporation
More informationThe silver lining: Getting value and mitigating risk in cloud computing
The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations
More informationGlobal Statement of Business Continuity
Business Continuity Management Version 1.0-2014 Date October 18, 2014 Status Author Business Continuity Management (BCM) Page 1 of 8 Table of Contents 1. Credit Suisse Business Continuity Statement 3 2.
More informationBlending Corporate Governance with. Information Security
Blending Corporate Governance with Information Security WHAT IS CORPORATE GOVERNANCE? Governance has proved an issue since people began to organise themselves for a common purpose. How to ensure the power
More informationCybersecurity Audit Why are we still Vulnerable? November 30, 2015
Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event
More information