Auditing Enterprise Business Continuity Management (BCM) Jeffrey M. Dato, MBCP Senior Manager Risk Advisory Services KPMG, LLP
|
|
- Ilene Carson
- 8 years ago
- Views:
Transcription
1 Auditing Enterprise Business Continuity Management (BCM) Jeffrey M. Dato, MBCP Senior Manager Risk Advisory Services KPMG, LLP
2 Agenda Rules of Engagement Definitions and Presentation Premises Business Continuity 101 Historical Perspective The Changing Landscape Corporate and Technology Trends Compliance and Reputational Risk Link to Enterprise Risk Management Audit Framework for BCM Standards and Professional Practices Guideline for Auditing BCM 2
3 Rules of Engagement
4 Definitions & Presentation Premises Business Continuity Management Crisis Management ( Respond People-focus) Disaster Recovery ( Recover Technology-focus) Business Resumption ( Resume Process-focus) Presentation Premises It s a business issue. It s about managing risks across the enterprise. It s a culture thing. It s not your grandfather s DRP anymore. It s about managing expectations. 4
5 Business Continuity 101 5
6 Business Continuity 101 6
7 Business Continuity 101 Program Management Office KEY BUSINESS PROCESS (KBP) POTENTIAL UNKNOWN EVENTS Technology Resources Non-Technology Resources Human Capital SLA S Regulatory Issues BUSINESS IMPACTS Quantitative & Qualitative Estimated Severity & Likelihood of Occurrence Validate Assets Quantitative & Qualitative Threats Vulnerabilities -Natural Disasters -Cyber-Terrorism -Terrorist Events -Supply Chain -Privacy Issues -Availability People Process Technology Prioritization of KBP s for Continuity and Recovery Current Control Environment Gap Analysis Optimum Control Environment Identification and Selection of Strategic Alternatives for Availability, Continuity & Recovery Mitigate, Insure, Accept Planning Planning Response Resumption Recovery Monitoring Tools Exercise Change Management Training Awareness Governance 7
8 Historical Perspective Events (1970 s & 1980 s) Utilities Failures: NYC Brownouts / Hinsdale Building Fires: Penn Mutual / First Interstate Natural Events: Loma Prieta / Hurricane Hugo Planning Focus: RECOVERY Technology (Mainframe / Mid-Range) Regulations: FCPA / Bank Circular 177 Back to the Future Johnson & Johnson ( Tylenol ) Exxon ( Valdez ) 8
9 Historical Perspective Events (1990 s) Hurricanes: Andrew / Georges / Floyd Domestic Terrorism: WTC (NYC) / Murrah Building (OKC) Natural Events: Earthquakes / Flooding / Tornados Planning Focus: CONTINUITY Technology (PC s / LAN / WAN / GWAN) People (Relocation / Manual Operations) Regulations: FFIEC Handbook / GLBA / HIPAA Back to the Future UPS ( Strike ) Bridgestone/Firestone ( Tire Failure ) 9
10 Historical Perspective Events (Y2K) Significance Boardroom Attention Public/Private Interaction Infrastructure Improvement Results Non-event : Too good of a job? False sense of preparedness Let down Efforts abandoned and/or scrapped Costly 10
11 Historical Perspective Events (2000 s) Denial of Service (DoS) Attacks Dot.Com Collapse / Corporate Scandals September 11, Hurricanes / Tsunami Planning Focus: RESILIENCY Technology (Mainframe / Mid-Range) Regulations Whitepaper / OCC / NASD 3520 / NYSE 446 NERC/FERC CyberSecurity 1300 / California SB 1386 Turnbull Report (UK) / Florida Statutes / Puerto Rico 11
12 The Changing Landscape
13 Corporate and Technology Trends Corporate Mergers & Acquisitions / Globalization Process Sourcing Supply Chain Dependency Regulatory Pressures Resource Constraints Increased Service Demands Availability Requirements Online Transactions / EDI Self-Service Tools: ATMs / Kiosks Customer Relationship Management (CRM) 13
14 Corporate and Technology Trends Technology Availability vs. Recoverability Recovery Time Objective (RTO) Recovery Point Objective (RPO) Maximum Tolerable Outage (MTO) Service Delivery Objective (SDO) IT Sourcing Data Center Availability Data & Records Management (Mileage Limitations) Mobility (PDAs / Auto Call Notification) 14
15 Compliance & Reputational Risk Compliance BCM-Specific Financial Services Healthcare Energy Public Sector Cross-Industry BCM-Implied Basil II California SB 1386 Gramm-Leach-Bliley Act ( 501) Homeland Security Act Sarbanes-Oxley ( 302, 404, 409) 15
16 Compliance & Reputational Risk Reputational Need to manage expectations Internally Board of Directors Executive Management Employees Externally Business Partners / Supply Chain Shareholders Analysts Customers / Clients Regulators 16
17 Link to Enterprise Risk Management At the highest level, there are four things that can be done with Risk: Mitigate Insure Plan Accept Compliance Contractual Types of Risk to be Considered: Financial Lost/Deferred Revenue Operational Strategic Technical People Market Share Cybercrime Regulatory Opportunity Production Partnerships E-Business Service Level Agreements Shareholder Equity Supply Chain Reputational Infrastructure Failure 17
18 Link to Enterprise Risk Management Committee of Sponsoring Organizations (COSO) Old New 18
19 Audit Framework for BCM
20 Standards and Professional Practices Standards US Disaster Recovery Journal Generally-Accepted Practices NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs International Publicly Available Specification (PAS) 56 (UK) Tripartite Standing Committee for Financial Stability (UK) AS/NZ 4360 / 4390 / 4444 (Australia/New Zealand) MAS Business Continuity Guidelines (Singapore) Other BCM-specific standards exist in China, Hong Kong, Japan, Malaysia, Philippines, South Africa and India Non-BCM Specific: COBIT, ISO 17799/BS
21 Standards and Professional Practices Professional Practices DRI International ( and the Business Continuity Institute ( Project Initiation and Management Risk Evaluation and Control Business Impact Analysis Developing Business Continuity Strategies Emergency Response and Operations Developing and Implementing Business Continuity Plans Awareness and Training Programs Maintaining and Exercising Business Continuity Programs Crisis Communications Coordination with External Agencies 21
22 Guideline for Auditing BCM Program Management Program Governance Critical & Sensitive Data Risk Assessment Business Impact Analysis Strategy Evaluation and Implementation Plan Development Change Management Event & Crisis Management Plan Exercises Training Awareness Quality Assurance Program Integration & Coordination Evolving Practices 22
23 Guideline for Auditing BCM Risk Assessment People Process Technology Physical Geographic Plan to Mitigate Insure Plan Accept Business Impact Analysis Business vs. Technology-driven Process Workflow Analysis Interdependencies Impacts (Quantified/Qualified) Financial Operational Legal/Contractual/Regulatory Brand/Reputational Market Share Resource Requirements Executive Accountability 23
24 Guideline for Auditing BCM Strategy Evaluation & Implementation Linkage to findings from Risk Assessments and Business Impact Analyses Partnership between Business and Technology Cost Benefit Analysis Vendor Agnostic Proof of Concept Process Chosen prior to plans being developed Change Management Process 24
25 Guideline for Auditing BCM Plan Development General Format Task-driven vs. Narrative Crisis Management / Emergency Response Pre-incident awareness and escalation processes Formalized Chain of Command / Succession Planning Incident Command Structure (ICS) Dedicated alternate site(s) for Command Centers Linkage to Crisis Communications plans and enterprise Business Continuity process Structured declaration process Ongoing Incident Management / ATOD Logistics 25
26 Guideline for Auditing BCM Plan Development Business Resumption Linkage to Crisis Management / Emergency Response Call Notification process Pre-identification of alternate workspace and/or redirection of process activities to other offices Resource requirements (i.e. workspace, voice/data, supplies, vital records, mail/courier/print) Recovery Operations Procedures Status Reporting / Event Audit Log Place-holder for multiple moves (i.e. interim and home) 26
27 Guideline for Auditing BCM Plan Development Disaster Recovery Linkage to Crisis Management / Emergency Response and Business Resumption Call Notification process Hot site / Tape Host / Sourcing declaration procedure Logistics (i.e. transportation, tape transfer, data push) Hardware / Software / Voice & Data scripts & restoration priority Status Reporting / Event Audit Log Multi-site move plan pre-identified (interim and home) 27
28 Guideline for Auditing BCM Exercise and Change Management Exercise schedule, involvement and frequency Exercise type do they build upon each other? Involvement of business partners and supply chain Existence of external observer for monitoring and line of business management for accountability Post-mortem reviews and ties to future exercises/plan maintenance (incorporation of lessons learned ) Change management schedule and frequency Automated or manual maintenance process and LOB sign-off 28
29 Guideline for Auditing BCM Program Governance Policies/Procedures Program Charter and Mission Statement Roles and Responsibilities Chapters for Governance of BIA, RA, Strategy, Plans, Exercises, Change Management, Awareness & Training Quality Assurance Functional vs. Process-driven Survey-only vs. Facilitated LOB Management involvement, review and sign-off Vendor Readiness External validation and benchmarking 29
30 Guideline for Auditing BCM Program Governance Awareness Existence, execution and frequency Cross-enterprise involvement Incorporation of lessons learned Training Existence, execution and frequency Types offered (i.e. position, BCM 101, software) Linkage to other training programs 30
31 Guideline for Auditing BCM Crisis Communications Formal policy exists and lead by Public Relations Communication of policy to employees War Room Executive involvement Exercise schedule or actual event experience Coordination with External Agencies (First Responders) Communication with local authorities First Responder involvement with exercises, as appropriate Discussion with authorities about identification cards for entrance to secured area 31
32 Guideline for Auditing BCM Program Integration & Coordination Linkage of BCM to the following Crisis Management and Disaster Recovery Compliance / Regulatory Enterprise Risk Management Legal / Contractual Supply Chain / Sourcing Strategic Initiatives Technology 32
33 Contact Information Jeff Dato, MBCP Senior Manager Risk Advisory Services KPMG, LLP Office: (404) Cell: (404)
Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013
Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Chitra Gopalakrishnan Director KPMG LLP Agenda Introduction Business Continuity / Disaster
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationTemple university. Auditing a business continuity management BCM. November, 2015
Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program
More informationEvaluating and Improving Your Business Continuity Plan
Evaluating and Improving Your Business Continuity Plan As presented to the Northeast Florida IIA Chapter January 23, 2015 Contact Information Karen Weir, MAC, CISA, CBCP Manager kweir@accretivesolutions.com
More informationThe Role of Internal Audit In Business Continuity Planning
The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationPrinciples for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationBest Practices in Disaster Recovery Planning and Testing
Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely
More informationKPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity
INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM
More informationIT Disaster Recovery and Business Resumption Planning Standards
Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:
More informationBusiness Continuity Planning for Risk Reduction
Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies
More informationThe Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)
Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services
More informationOhio Conference for Payroll Professionals Disaster Recovery
Ohio Conference for Payroll Professionals Disaster Recovery Speaker Bruce E. Phipps CPP 2011 APA Payroll Man of the Year Principal Product Manager US Legislative Analyst ORACLE Corporation bruce.phipps@oracle.com
More informationRecovery Site Evaluation: Finding Viable Alternatives
Delivering the business value of IT. Recovery Site Evaluation: Finding Viable Alternatives Michael Croy Director, Business Continuity Solutions, Forsythe Solutions Group Session Agenda - Past to Present:
More informationBusiness Continuity Planning Preparing Your Organization
Business Continuity Planning Preparing Your Organization Nicholas De Laurentis, CRM, IGP nick.delaurentis.gmkj@statefarm.com 1 Objectives Understand the importance of Business Continuity Planning Know
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationProposal for Business Continuity Plan and Management Review 6 August 2008
Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.
More informationInformation Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.
Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who
More information2014 NABRICO Conference
Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000
More informationBusiness Continuity and Emergency Preparedness Planning. Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010
Business Continuity and Emergency Preparedness Planning Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010 Overview Define key terms and list essential elements of business continuity
More informationBUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS
BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3
More informationWestern Intergovernmental Audit Forum
Western Intergovernmental Audit Forum Business Continuity & Disaster Recovery Planning September 12, 2013 Presented by: City of Phoenix City Auditor Department Aaron Cook, Sr Internal Auditor IT Audit
More informationPrepared by Rod Davis, ABCP, MCSA November, 2011
Prepared by Rod Davis, ABCP, MCSA November, 2011 Disaster an event, which causes the loss of an essential service, or part of it, for a length of time which imperils mission achievement. (Andrew Hiles,
More informationBusiness Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009
Business Continuity Management 101 Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 1 Who is MHA Consulting Who We Are What We Do Leading boutique consulting firm since 1998 Provider of consulting
More informationeet Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry Power and Utilities Fact Sheet
Power and Utilities Fact Sh Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry A holistic approach to business resiliency and disaster recovery
More informationBusiness Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com
Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?
More informationShankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.
Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management
More informationMHA Consulting. Business Continuity Management 101
0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends
More informationSubject Area 9 Public Relations and Crisis Coordination
DRII/BCI Professional Practice Narrative: Develop, coordinate, evaluate, and exercise plans to communicate with internal stakeholders (employees, corporate management, etc.) external stakeholders (customers,
More informationAssessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC
Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk
More informationBusiness Continuity Management
GENERALLY ACCESSIBLE Business Continuity Management Field Report from an Audit Point of View ISACA Swiss Chapter - After Hour Seminar 28 August 2006 - Urs Voigt - Group Internal Audit Disasters Happen
More informationINFOSEC.MY KNOWLEDGE SHARING SESSION
INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have
More informationFederal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective
More informationFederal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities
More informationEMERGENCY PREPAREDNESS PLAN Business Continuity Plan
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
More informationCompany Management System. Business Continuity in SIA
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
More informationWith the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS
How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,
More informationNational Fire Protection Association s Contribution to Business Continuity Strategies
National Fire Protection Association s Contribution to Business Continuity Strategies about me 1. Retired AVP Senior Business Risk Consultant 2. FM Global Trained: 1. 35 Years Service 2. Founder Member
More informationInteractive-Network Disaster Recovery
Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,
More informationRSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief
RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet
More informationBusiness Continuity & Disaster Recovery
Business Continuity & Disaster Recovery Safety First Quality Every Time 1 Business Continuity & Disaster Recovery Planning Who here has a formal Business Continuity & Disaster Recovery plan? The purpose
More informationRegulatory Requirements for Disaster Recovery/Business Continuity Programs
Regulatory Requirements for Disaster Recovery/Business Continuity Programs Al Berman Business Continuity Planning Practice Post 9/11 Surge in Business Continuity Regulations and Standards Post 9-11 20
More informationBUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION
BUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION EXCERPT FROM THE FOREWORD TO THE 2ND EDITION The events of 9/11 have cast a long shadow over the world and led to a vital reappraisal of Enterprise Risk
More informationPAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationBT Conferencing Business Continuity Management. Planning to stay in business
BT Conferencing Business Continuity Management Planning to stay in business Planning for the unexpected In today s connected world, businesses are increasingly dependent on their communications and networked
More informationBusiness Continuity Management
Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore
More informationDisaster Recovery Planning
Disaster Recovery Planning NOW or NEVER Disaster Recovery Team Aura Advanced Technologies Aura Advanced Technologies Inc 1301-1121 Sixth Avenue SW Calgary, Alberta T2P 5J4 Phone: 403-269-6123 Fax: 403-269-6169
More informationNovember 2007 Recommendations for Business Continuity Management (BCM)
November 2007 Recommendations for Business Continuity Management (BCM) Recommendations for Business Continuity Management (BCM) Contents 1. Background and objectives...2 2. Link with the BCP Swiss Financial
More informationBy: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015
Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More informationD2-02_01 Disaster Recovery in the modern EPU
CONSEIL INTERNATIONAL DES GRANDS RESEAUX ELECTRIQUES INTERNATIONAL COUNCIL ON LARGE ELECTRIC SYSTEMS http:d2cigre.org STUDY COMMITTEE D2 INFORMATION SYSTEMS AND TELECOMMUNICATION 2015 Colloquium October
More informationEmergency Management & Business Continuity Program Self-Assessment Checklist
Emergency Management & Business Continuity Program Self-Assessment Checklist Self-assessment tool for evaluating preparedness based on NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity
More informationBusiness Continuity Management and The Extended Enterprise
WHITE PAPER Business Continuity Business Continuity Management and The Extended Enterprise Continuous Availability in a Real-Time Economy Business Continuity is receiving a great deal of attention in the
More informationBusiness Continuity Management Program Development Guide
Business Continuity Management Program Development Guide Prepared by The NS Emergency Management Office, Winter 2012 Version 1.1 Page 2 of 24 Document Revision History Date Author Revision Notes Fall 2011
More informationSubject Area 1 Project Initiation and Management
DRII/BCI Professional Practice Narrative: Establish the need for a Business Continuity Plan (BCP), including obtaining management support and organizing and managing the BCP project to completion. (This
More informationBUSINESS CONTINUITY PLAN OVERVIEW
BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and
More informationThe Business Continuity Maturity Continuum
The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationBuilding and Maintaining a Business Continuity Program
Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written
More informationDeveloping a Business Continuity Plan... More Than Disaster
Developing a Business Continuity Plan..... More Than Disaster Recovery! April 19, 2010 UHY / MMA Business Survival Series Webinar Focus.... Understanding the components of Business Continuity Planning
More informationProtecting your Enterprise
Understanding Disaster Recovery in California Protecting your Enterprise Session Overview Why do we Prepare What is? How do I analyze (measure) it? What to do with it? How do I communicate it? What does
More informationNIST Cybersecurity Framework & A Tale of Two Criticalities
NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented
More informationHow to Design and Implement a Successful Disaster Recovery Plan
How to Design and Implement a Successful Disaster Recovery Plan Feb. 21 ASA Office-Administrative Section is Sponsored by Today s ASAPro Webinar is Brought to You by the How to Ask a Question Questions
More informationPAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationGAP Subject Area 2 Risk Evaluation and Control
BCI Professional Practice Narrative: Determine the events and external surroundings that can adversely affect the organization and its facilities with disruption as well as disaster, the damage such events
More informationWilliam Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University
William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University Competitive Leadership- Twelve Principles For Success Brian Billick Chapter 3 Be Be Prepared The time
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationBusiness Continuity. Port environment
Business Continuity Port environment DEFINE BUSINESS CONTINUITY WHAT IT IS NOT RECOVERY FOCUS: PEOPLE PROCESSES TECHNOLOGY DELIVERABLES INFRAGARD DEFINITION MANAGEMENT PROCESS DEVELOPING ADVANCE PROCEDURES
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationBusiness Continuity and Disaster Recovery
Business Continuity and Disaster Recovery Trends, Considerations, & Leading Practices November 13, 2014 Presented by: Jon Bronson Los Angeles Trey MacDonald Atlanta Today s Presenters Jon Bronson is a
More informationBusiness Continuity and Disaster Planning
WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and
More informationwww.pwc.com Governance, Risk and Compliance Update & Hot Topics Pittsburgh Chapter IIA December 3, 2012
www.pwc.com Governance, Risk and Compliance Update & Hot Topics Pittsburgh Chapter IIA December 3, 2012 Agenda Introduction Mark Gibbons 12:00 12:05 Governance, Risk and Compliance Overview Mark Gibbons
More informationFederal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT RESPONSIBILITIES...
More informationBC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value
BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged
More informationBusiness Continuity Planning: Bridging the Gap Between IT and Business
Business Continuity Planning: Bridging the Gap Between IT and Business Steve Burns, President EverGreen Data Continuity, Inc. sburns@evergreen-data.com 1 The Hard Facts One-third of businesses don t include
More informationGlobal Statement of Business Continuity
Business Continuity Management Version 1.0-2014 Date October 18, 2014 Status Author Business Continuity Management (BCM) Page 1 of 8 Table of Contents 1. Credit Suisse Business Continuity Statement 3 2.
More informationProtecting Your Business
Protecting Your Business Business Continuity/Disaster Recovery Planning Robert Haberman Senior Product Manager BCP/DRP TELUS BUSINESS SOLUTIONS Business Continuity/Disaster Recovery Planning 1 Agenda:
More informationBusiness Continuity Management AIRM Presentation
16 January, 2008 Business Continuity Management AIRM Presentation David Hamilton, Senior Consultant http://www.marsh.ie Presentation Overview Terms used for BCP Where BCM fits in a business plan Business
More informationContinuity of Operations Planning. A step by step guide for business
What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures
More informationIntel Business Continuity Practices
Intel Business Continuity Practices As a global corporation with locations and suppliers all over the world, Intel requires every designated Intel organization to embed business continuity as a core business
More informationContingency Planning for Senior Management. What you need to know about your business recovery
Contingency Planning for Senior Management What you need to know about your business recovery Agenda Current Regulatory Environment Risk Management What is Contingency Planning Components of a solid recovery
More information2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP
2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.
More informationDRII PP Introduction to the Professional Practices Page 1
Professional Practice Introduction Business Continuity Management (BCM) is a management process that identifies risk, threats and vulnerabilities that could impact an entity s continued operations and
More informationTable of Contents... 1
... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...
More informationSubject Area 1 Project Initiation and Management
DRII/BCI Professional Practice Narrative: Establish the need for a Business Continuity Plan (BCP), including obtaining management support and organizing and managing the BCP project to completion. (This
More informationPlan Development Getting from Principles to Paper
Plan Development Getting from Principles to Paper March 22, 2015 Table of Contents / Agenda Goals of the workshop Overview of relevant standards Industry standards Government regulations Company standards
More informationQ uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper
This quick reference guide provides an introductory overview of the key principles and issues involved in IT related disaster recovery planning, including needs evaluation, goals, objectives and related
More informationDisaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International
Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International BCP Definitions Business Continuity Plan: An ongoing process supported by senior management
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationHow to measure your business resiliency
How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com
More informationSCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com
SCADA Business Continuity and Disaster Recovery Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com Business Continuity Planning, a Sound Process A Business Continuity Plan: "A
More informationPreparing for the Convergence of Risk Management & Business Continuity
Preparing for the Convergence of Risk Management & Business Continuity Disaster Recovery Journal Webinar Series September 5, 2012 2012 Strategic BCP, Inc. All rights reserved. strategicbcp.com 1 Today
More informationBusiness Continuity Glossary
Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;
More informationCisco Disaster Recovery: Best Practices White Paper
Table of Contents Disaster Recovery: Best Practices White Paper...1 Introduction...1 Performance Indicators for Disaster Recovery...1 High Level Process Flow for Disaster Recovery...2 Management Awareness...2
More informationDisaster recovery strategic planning: How achievable will it be?
Disaster recovery strategic planning: How achievable will it be? Amr Ahmed Ernst & Young Advisory Services, Executive Director amr.ahmed@ey.com Christopher Rivera Ernst & Young Advisory Services, Manager
More informationBusiness Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke
Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Agenda Key components essential to a FFIEC compliant Business Continuity Plan Recovery Time Objectives & Recovery Point
More information