With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS
|
|
- Isaac Daniel
- 7 years ago
- Views:
Transcription
1 How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes, hurricanes, earthquakes, tsunamis, floods, fires, uprisings, terrorist attacks, deliberate and accidental data breaches, and cyber attacks. Any organization that believes it is safe from loss due to a natural or manmade disaster is denying reality. Virginia A. Jones, CRM, FAI With the large number of high-profile disasters of the past decade, it is not surprising that the 2010 AT&T Business Continuity Study of 530 organizations showed that 83% of the business executive respondents indicated their organization had a business continuity plan (BCP). However, 12% indicated they did not have a plan, and 5% were not sure. While most organizations are aware that a BCP is necessary to keep their business operational during and immediately following a disruptive event, not all agree on what the plan is or what it should include. Understanding the BCP Business continuity planning is part of a business continuity management (BCM) process that identifies potential risks and vulnerabilities and their impacts on an organization. It provides processes and procedures for mitigating risks and effectively responding to a disruptive event in a way that safeguards the interests of the organization s key stakeholders, reputation, brand, and value-creating activities. To be successful, BCM must be fully integrated across the entire organization as a required management process. BCM includes business continuity planning, which focuses mainly on incident response and, depending on the organization, can include records and information security and risk management processes. According to the Contingency Planning Guide for Information Technology Systems from the National Institute of Standards and Technology, a BCP is the documentation of a predetermined set of instructions or procedures that describes how an organization s business functions will be sustained during and after a significant disruption. It functions as a roadmap that can be followed when a disruptive event occurs. BCP Goals The goal of business continuity planning, as identified by the U.S. Federal Emergency Management 36 NOVEMBER/DECEMBER 2011 INFORMATIONMANAGEMENT
2 Agency (FEMA), is to reduce the consequence of any disruptive event to a manageable level. The specific objectives of a particular organization s continuity plan may vary, depending on its mission and functions, its capabilities, and its overall continuity strategy. In general, according to FEMA, continuity plans are designed to: n Minimize loss of life, injury, and property damage n Mitigate the duration, severity, or pervasiveness of disruptions that do occur n Achieve the timely and orderly resumption of essential functions and the return to normal operations n Protect essential facilities, equipment, records, and assets n Be executable with or without warning n Meet the operational requirements of the respective organization. Continuity plans may need to be operational within minutes of activation, depending on the essential function or service, but certainly should be operational no later than 12 hours after activation. n Meet the sustainment needs of the respective organization. An organization may need to plan for sustained continuity operations for 30 days or longer, depending on resources, support relationships, and the respective continuity strategy adopted. n Ensure the continuous performance of essential functions and operations during an emergency, such as pandemic influenza, that require additional considerations beyond traditional continuity planning n Provide an integrated and coordinated continuity framework that takes into consideration other relevant organizational, governmental, and private sector continuity plans and procedures A BCP concentrates on the core business functions manufacturing processes, customer relations, client or patient interactions, research facilities, information technology infrastructure, and so on. Records and information management (RIM) are rarely included as separate entities. Often, the RIM procedures that should be considered, such as information technology incident response, recovery procedures, and vital records protection, are not included in the overall plan and may need to be part of subsidiary plans. However, RIM has an important role in all aspects of risk mitigation, disaster response, and disaster recovery. RIM s Role in the BCP RIM impacts an effective BCP in several ways: n Records and information are a critical resource throughout the organization, not only as part of ongoing business processes, but also as a resource during a disruptive event. n A current records and information inventory, including information systems and electronically stored information, is essential to implementing and maintaining a successful plan to identify and protect records. n A documented records classification and retrieval system, with organized and well-indexed records, is critical to timely and efficient resumption of operations following a disruptive event. n A documented and established vital records program is essential for the protection and recovery of mission-critical records and for identifying those records required during a disruptive event. n A manual that includes all RIM policies and procedures, including for records retention and disposition, is an important reference for use throughout the organization. Some preparation and data compilation must take place before a plan can be written and implemented. BCM relies on critical business process identification and risk management results to determine the various priorities, tasks, and procedures to include in the plan. Preparing to Write a BCP Some preparation and data compilation must take place before a plan can be written and implemented. BCM relies on critical business process identification and risk management results to determine the various priorities, tasks, and procedures to include in the plan. Preliminary preparation for business continuity planning includes: n Conducting a business impact analysis (BIA) n Developing and implementing a risk mitigation plan n Developing and implementing a vital records program (to identify and safeguard vital records, which are fundamental to the functioning of an organization and necessary to continue operation without delay under abnormal circumstances, according to Glossary of NOVEMBER/DECEMBER 2011 INFORMATIONMANAGEMENT 37
3 Records and Information Management Terms, 3rd Ed.) n Determining the recovery time objective for records and information n Identifying and analyzing business processes to best determine those that are mission-critical Business Impact Analysis The BIA looks at critical processes and considers the operational, financial, and other impacts and exposures for each part of the organization if a serious disruption to those processes occurs. It identifies those processes that must be resumed urgently and those that may be resumed later. It can determine potential loss to the organization if a BCP is not in place and present recommendations to reduce or mitigate these losses, so it is an important step in the risk mitigation process. The BIA should also identify the minimum financial, human, and information resources needed to support the elements of the proposed plan. The ranking of the business processes also affects the records and information necessary for these processes and plays an important role in the vital records identification process. Risk Mitigation BCM focuses on mitigating risks defined by Dictionary.com as the exposure to the chance of injury or loss that the organization cannot absorb. Since it is a very expensive and resource-draining process to protect and recover everything, the organization must decide what cannot be fully protected, duplicated, or saved following an event. The cost of mitigating the risk of records and information loss must be weighed against the value of the information to the organization. This is done by determining the vulnerabilities of the records and by comparing the costs associated with the loss of the records and information against the cost of protecting or reconstructing them. Some organizations may want to expend only the minimum resources to mitigate risk to one or more critical a business continuity plan for records and information must include clearly identified vital records to best allocate resources for their protection and recovery. processes and accept the risk to the rest of the business. Other organizations may want to reduce as much risk as possible, no matter the cost. To achieve a cost and resource balance in risk mitigation, the organization must set its risk tolerance level, which is the maximum exposure to risk (for a given type of risk or across all exposures) that is acceptable based on the benefits and costs involved, according to Managing Risk for Records and Information by Victoria L. Lemieux, Ph.D. The organization should link its risk tolerance and risk objectives to its business goals and objectives. Vital Records Program A records and information disaster results in the loss of records and information essential to the organization s continued operation. Consequently, a business continuity plan for records and information must include clearly identified vital records to best allocate resources for their protection and recovery. Accurate identification of vital information is critical because this information establishes the legal status of the organization as a business entity, documents the assets and liabilities of the organization from a financial perspective, and documents the operations of the organization, which enable production processes or other work to be accomplished, according to Information and Records Management, by Mary F. Robek, Gerald F. Brown, and David O. Stephens. In Snap, Crackle & Pop, a 1985 Records Management Quarterly article, Richard E. Wolff wrote, An effective vital records management program includes descriptions of all vital records necessary to protect assets and ensure continuity of business operations, documentation of procedures and practices followed to protect and restore these records, and adequate operating instructions to permit the effective use of selected records in an emergency. The vital records program should be incorporated as part of the overall BCP. Types of Plans One other preparation for developing a BCP is determining the type(s) of plan(s) to be implemented. Some organizations include all the policies, processes, and procedures in one general plan. Others prepare a general policy and plan that references subsidiary plans for specific types of incidents or for specific core functions, such as information technology. Specific plans more fully address response and recovery for different types of incidents, such as radiation leaks, earthquakes, floods, fires, server crashes, power outages, data breaches, or hurricanes. Sometimes, recovery procedures are considered separate from the general BCP and also have their own referenced plans. 38 NOVEMBER/DECEMBER 2011 INFORMATIONMANAGEMENT
4 National and International Standards Provide a Foundation for Protection International Organization for Standardization n ISO :2001 Information and documentation Records management Part 1: General n ISO/TR :2001 Information and documentation Records management Part 2: Guidelines n ISO/IEC 27002:2005: Information technology Security techniques Code of practice for information security management National Fire Protection Association n NFPA 232: Standard for the Protection of Records, current edition 2012 n NFPA 75: Standard for the Protection of Information Technology Equipment, current edition: 2009 n NFPA 909: Code for the Protection of Cultural Resource Properties Museums, Libraries, and Places of Worship, Current edition: 2010 n NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs, Current edition: 2010 ARMA International n ANSI/ARMA Vital Records Programs: Identifying, Managing, and Recovering Business-Critical Records Creating a BCP Once the preparations are completed, developing the plan can begin. The process of developing a BCP varies for each organization depending on its business functions, risk tolerance level, the types of plan or subsidiary plans it is developing, and the amount of resources it is willing to assign to the process. Steps to Follow In general, the development of a BCP should include the following steps: 1. Establish a planning team. This includes appointing an owner for the plan and for each subsidiary plan and includes representation for all departments or core functions. 2. Conduct a BIA. 3. Decide on the structure, format, components, and content of the plan, and determine the circumstances that are beyond the scope of the BCP. 4. Identify preventive controls. 5. Create contingency strategies. Determine the strategies the plan will document and what will be documented in other plans. 6. Determine the response strategy. 7. Determine the recovery strategy. 8. Establish the vital records plan and an information systems plan. 9. Gather information to populate the plan. 10. Draft the plan. 11. Circulate the draft of the plan for consultation and review. 12. Gather feedback from consultation process. 13. Amend the plan as appropriate. 14. Review and update the plan. 15. Approve the plan and train personnel. 16. Test the plan. 17. Schedule ongoing exercises to ensure that the plan is maintained and remains current. Contents to Include Each BCP and any subsidiary plans should include, at a minimum, the following elements: n A policy statement n Roles and responsibilities who is responsible for doing each task or group of tasks, what is the chain of command and composition of the crisis team during an event, and who is ultimately responsible for initiating the response and/or recovery processes n Continuity or succession of authority a clear statement of alternates when key responsible persons are unavailable n Financial or funding information, including personnel expenses, operational expenses, material and supply expenses, ongoing costs, and contingency funding n Task organization what tasks must be done and in what order n Information distribution procedures n Results of the BIA and appropriate elements from the vital records program and the information systems plan n Response procedures n Recovery procedures (if relevant to the BCP) n Training programs n Testing procedures (used to review and update procedures) n Communications directory n Damage assessment procedures NOVEMBER/DECEMBER 2011 INFORMATIONMANAGEMENT 39
5 Testing the BCP No BCP is successful without testing. The time to find out that some BCP concepts do not work is not while a disruptive event is occurring. There are several methods of testing plans, including two that are recommended by FEMA: Discussion-based exercises include seminars, workshops, tabletop exercises, and games. They highlight existing plans, policies, mutual aid agreements, and procedures, and they are tools to familiarize organizations and personnel with an entity s current or expected capabilities. Decision-based exercises typically focus on strategic, policy-oriented issues. Conducting these exercises do not create a large-scale disruption of daily routine and productivity. Operations-based exercises include drills, functional exercises, and fullscale exercises. They are characterized by actual response, mobilization of apparatus and resources, and commitment of personnel, usually held over an extended period of time. Operations-based exercises can be used to validate plans, policies, agreements, and procedures. Each test should include an evaluation of the test results and identification of weaknesses and lessons learned. These, in turn, are used to revise the plan. Once the organization is comfortable with all revisions, it can then approve and implement the plan. Maintaining the Plan A BCP is not a static document. Changes in core business functions, business locations, technology infrastructure, and other circumstances will require additional considerations and revisions of the plan. The BCP should be reviewed and tested at least yearly, and attention should be paid to any business elements that have been added since the last review. An organization s annual testing of the program, according to FEMA, should include: n Alert, notification, and activation procedures with recommended quarterly testing of such procedures for continuity personnel n Recovery of vital records (classified and unclassified), critical information systems, services, and data n Primary and back-up infrastructure systems and services (e.g., power, water, and fuel) testing at continuity facilities n Required physical security capabilities n Equipment to ensure the internal and external interoperability and viability of communications systems, through quarterly testing of the continuity communications capabilities (e.g., secure and nonsecure voice and data communications) n Capabilities required to perform an organization s essential functions n Formally documenting tests and reporting their results n Internal and external interdependencies identified in the organization s continuity plan, with respect to performance of an organization s and other organizations essential functions Arriving at the Best Solution Each organization s business continuity solution must rely on its unique impact and risk analyses. The best solution for business continuity planning and management will consist of the right mix of internal controls and tools with outsourced services that will meet the organization s requirements for managing the physical, technological, legal, regulatory, and human resource aspects of business continuity. Virginia A. Jones, CRM, FAI, can be contacted at vjones@nngov.com. See her bio on page NOVEMBER/DECEMBER 2011 INFORMATIONMANAGEMENT
Temple university. Auditing a business continuity management BCM. November, 2015
Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program
More informationNHS Hardwick Clinical Commissioning Group. Business Continuity Policy
NHS Hardwick Clinical Commissioning Group Business Continuity Policy Version Date: 26 January 2016 Version Number: 2.0 Status: Approved Next Revision Due: January 2017 Gordon Stevens MBCI Corporate Assurance
More informationPAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationVital Records. Mary Hilliard, CRM
Vital Records Mary Hilliard, CRM Background Vital records of an organization must be identified so they can be protected Protection of vital records is a joint effort of records management and disaster
More informationUnit Guide to Business Continuity/Resumption Planning
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
More informationWestern Intergovernmental Audit Forum
Western Intergovernmental Audit Forum Business Continuity & Disaster Recovery Planning September 12, 2013 Presented by: City of Phoenix City Auditor Department Aaron Cook, Sr Internal Auditor IT Audit
More informationBUSINESS CONTINUITY PLANNING GUIDELINES
BUSINESS CONTINUITY PLANNING GUIDELINES Washington University in St. Louis The purpose of this guide is to serve as a tool to all departments, divisions, and labs across the University in building a Business
More informationEmergency Response and Business Continuity Management Policy
Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationNHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY
NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20
More informationBusiness Continuity Policy
Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include
More informationTable of Contents... 1
... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine
More informationPrepared by Rod Davis, ABCP, MCSA November, 2011
Prepared by Rod Davis, ABCP, MCSA November, 2011 Disaster an event, which causes the loss of an essential service, or part of it, for a length of time which imperils mission achievement. (Andrew Hiles,
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationSouth West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy
South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More informationBest Practices in Disaster Recovery Planning and Testing
Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationSUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 BUSINESS CONTINUITY GUIDELINES
SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 Business Continuity Issued: 1 st May, 2007 Revised: 14 th October 2008 BUSINESS CONTINUITY GUIDELINES I. INTRODUCTION The Central Bank of The Bahamas (
More informationEMERGENCY PREPAREDNESS PLAN Business Continuity Plan
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
More informationContinuity of Operations Planning. A step by step guide for business
What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures
More informationVital Records Identification, Protection, and Disaster Recovery June 16, 2009. Wess Jolley, CRM, Records Manager 1
Pre-Session Handouts University of Kentucky: May 15, 2001 Business Card Slides Risk Assessment Site Survey Records Classifications Disaster Recovery Kit Contents Vital Records Schedule Form Salvage of
More informationCompany Management System. Business Continuity in SIA
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
More informationNHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0
NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy Version 1.0 Document Control Title: Status: Version: 1.0 Issue date: May 2014 Document owner: (Name,
More informationBusiness Continuity Policy
Page 1 of 16 Business Continuity Policy Issue Date: Aug 2013 Document Number: 00241 Prepared by: Business Management and Continuity Senior Manager Next Review Date: April 2014 Page 2 of 16 NHS England
More informationBuilding and Maintaining a Business Continuity Program
Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written
More informationBusiness Continuity Management Systems. Protecting for tomorrow by building resilience today
Business Continuity Management Systems Protecting for tomorrow by building resilience today Vital statistics 31% 40% of UK businesses have been affected by bad weather related transport problems, power
More informationBusiness Continuity Policy
Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st
More informationBusiness Continuity Management Governance. Frank Higgins Abu Dhabi March 2015
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationHow to Plan for Disaster Recovery and Business Continuity
A TAMP Systems White Paper TAMP Systems 1-516-623-2038 www.drsbytamp.com How to Plan for Disaster Recovery and Business Continuity By Tom Abruzzo, President and CEO Contents Introduction 1 Definitions
More informationBUSINESS CONTINUITY MANAGEMENT FRAMEWORK
BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business
More informationShankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.
Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management
More informationBusiness Unit CONTINGENCY PLAN
Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...
More informationGAP Subject Area 2 Risk Evaluation and Control
BCI Professional Practice Narrative: Determine the events and external surroundings that can adversely affect the organization and its facilities with disruption as well as disaster, the damage such events
More informationProposal for Business Continuity Plan and Management Review 6 August 2008
Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.
More informationSubject: Internal Audit of Information Technology Disaster Recovery Plan
RIVERSIDE: AUDIT & ADVISORY SERVICES June 30, 2009 To: Charles Rowley, Associate Vice Chancellor Computing & Communications Subject: Internal Audit of Information Technology Disaster Recovery Plan Ref:
More informationContingency Planning & Disaster Recovery
Contingency Planning & Disaster Recovery The Role of the Records & Information Manager Katherine Jonelis, BCP/Records Specialist SCF Arizona SCF Arizona SCF Arizona is the leading provider of Arizona workers'
More informationBSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012
To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached
More informationDisaster Recovery/Business Continuity
CITY AUDITOR'S OFFICE Disaster Recovery/Business Continuity March 6, 2015 AUDIT REPORT NO. 1511 CITY COUNCIL Mayor W.J. Jim Lane Suzanne Klapp Virginia Korte Kathy Littlefield Vice Mayor Linda Milhaven
More informationBUSINESS CONTINUITY PLAN OVERVIEW
BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and
More informationBusiness Continuity Management
Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers
More informationBUSINESS CONTINUITY PLANNING
Policy 8.3.2 Business Responsible Party: President s Office BUSINESS CONTINUITY PLANNING Overview The UT Health Science Center at San Antonio (Health Science Center) is committed to its employees, students,
More informationBusiness Continuity for the New Professional. Britt Corra Enterprise BCM Erika Voss Senior BCM
Business Continuity for the New Professional Britt Corra Enterprise BCM Erika Voss Senior BCM New to Business Continuity? Agenda & Experience 3-5 years experience? Seasoned veteran? What is BCM Tool Kit?
More informationBusiness Continuity Planning Preparing Your Organization
Business Continuity Planning Preparing Your Organization Nicholas De Laurentis, CRM, IGP nick.delaurentis.gmkj@statefarm.com 1 Objectives Understand the importance of Business Continuity Planning Know
More informationBCP and DR. P K Patel AGM, MoF
BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management
More information2014 NABRICO Conference
Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000
More informationBusiness Continuity and Disaster Recovery Planning 3/16/2011. Lee Goldstein CPCP, MBCI President Business Contingency Group
Business Continuity and Disaster Recovery Planning 3/16/2011 Lee Goldstein CPCP, MBCI President Business Contingency Group Business Continuity/Disaster Recovery Planning to ensure the continuation/recovery
More informationBusiness Continuity Management
Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore
More informationInformation Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.
Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who
More informationBusiness Continuity and Disaster Planning
WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and
More informationHow To Manage A Financial Institution
BUSINESS CONTINUITY MANAGEMENT GUIDELINE April 2010 Table of Contents Preamble...3 Introduction...4 Scope...5 Coming into effect and updating...6 1. Continuity and resumption of business...7 2. Sound and
More informationSupporting information technology risk management
IBM Global Technology Services Thought Leadership White Paper October 2011 Supporting information technology risk management It takes an entire organization 2 Supporting information technology risk management
More informationBusiness Continuity Template
Emergency Management Business Continuity Template The Regional Municipality of Wood Buffalo would like to give credit to the Calgary Emergency Management Agency (CEMA) and the Calgary Chamber of Commerce
More informationCONTINUITY OF OPERATIONS PLANNING
University of North Carolina Wilmington CONTINUITY OF OPERATIONS PLANNING November 9, 2010 Lumina Theater, Fisher Student Center Development of Continuity Planning University of North Carolina Wilmington
More informationPrinciples for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing
More informationKPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity
INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM
More informationFlinders University IT Disaster Recovery Framework
Flinders University IT Disaster Recovery Framework Establishment: Flinders University, 1 August 2013 Last Amended: Manager, ITS Security Services, 4 October 2013 Nature of Amendment: Initial release Date
More informationBusiness Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com
Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?
More informationBusiness Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM
Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 Goals Compare and contrast aspects of business continuity Execute disaster recovery plans and procedures 2 Topics Business
More informationSmall Business Continuity Workshop. Region 1- Vermont
Small Business Continuity Workshop Region 1- Vermont September 10, 2015 Housekeeping Emergency Procedures Restrooms Distractions 2 Workshop Agenda 9:00 AM Introductions & Objectives 9:15 AM Recent Vermont
More informationImplementing and Auditing a Successful Business Continuity Plan
IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI ing and Auditing a Successful Plan Agenda Introductions Training Overview and Objectives
More informationBank of Papua New Guinea Prudential Standard BPS251: Business Continuity Management
Bank of Papua New Guinea Prudential Standard BPS251: Business Continuity Management Issued under Section 27 of the Banks and Financial Institutions Act 2000 Overview and Key Requirements Business Continuity
More informationMarch 2007 Report No. 07-009. FDIC s Contract Planning and Management for Business Continuity AUDIT REPORT
March 2007 Report No. 07-009 FDIC s Contract Planning and Management for Business Continuity AUDIT REPORT Report No. 07-009 March 2007 FDIC s Contract Planning and Management for Business Continuity Results
More informationNEEDS BASED PLANNING FOR IT DISASTER RECOVERY
The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be
More informationBusiness Continuity & Disaster Recovery
Business Continuity & Disaster Recovery Safety First Quality Every Time 1 Business Continuity & Disaster Recovery Planning Who here has a formal Business Continuity & Disaster Recovery plan? The purpose
More informationUNION COLLEGE INCIDENT RESPONSE PLAN
UNION COLLEGE INCIDENT RESPONSE PLAN The college is committed to supporting the safety and welfare of all its students, faculty, staff and visitors. It also consists of academic, research and other facilities,
More informationBusiness Continuity Planning in Indian Perspective
Journal of Advances in Computational Research: An International Journal Vol. 1 No. 1-2 (January-December, 2012) Business Continuity Planning in Indian Perspective Preetish Ranjan Indian Institute of Information
More informationSolihull Clinical Commissioning Group
Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience
More informationBusiness Continuity Planning and Disaster Recovery Planning
Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 ISC 2 Key Areas of Knowledge Understand business continuity requirements 1. Develop and document project scope and plan
More informationBUSINESS CONTINUITY PLAN
How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER
More informationSmall Business Continuity Workshop. Region 3- Maryland
Small Business Continuity Workshop Region 3- Maryland August 20, 2015 Housekeeping Emergency Procedures Restrooms Distractions 2 Workshop Agenda 9:00 AM Introductions & Objectives 9:15 AM Recent Maryland
More informationSTEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015
STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 AGENDA: Emergency Management Business Continuity Planning Q & A MONTH DAY, YEAR TITLE OF THE PRESENTATION 2 CANADIAN RED CROSS Disaster
More informationBusiness Continuity (Policy & Procedure)
Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity
More informationWhat We ll Cover. Defensible Disposal of Records and Information Litigation Holds Information Governance the future of records management programs
What We ll Cover Foundations of Records and Information Management Creating a Defensible Retention Schedule Paper v. Electronic Records Organization and Retrieval of Records and Information Records Management
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationBusiness Continuity Management Program Development Guide
Business Continuity Management Program Development Guide Prepared by The NS Emergency Management Office, Winter 2012 Version 1.1 Page 2 of 24 Document Revision History Date Author Revision Notes Fall 2011
More informationManagement of IT Risks
10 number 39 // 2-2006 Management of IT Risks Esther Cerdeño Deputy Director of IT MAPFRE REASEGUROS (Spain) The market needs insurers to study the feasibility of insuring costs relating to loss of information;
More informationHanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness
Issue Date: August 31, 2006 Audit Report Number 2006-DP-0005 TO: Lisa Schlosser, Chief Information Officer, A FROM: Hanh Do, Director, Information System Audit Division, GAA SUBJECT: Review of HUD s Information
More information.my cctld sapproach to Contingency Planning: BCP experience from Information Security perspective. APTLD members meeting 23 rd & 24 th Feb 2012
.my cctld sapproach to Contingency Planning: BCP experience from Information Security perspective APTLD members meeting 23 rd & 24 th Feb 2012 1 What is a Contingency Plan? Plan devised for an exceptional
More informationHow To Manage A Disruption Event
BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational
More informationDisaster Recovery Plan (DRP) / Business Continuity Plan (BCP)
Preface Computer systems are the core tool of today s business and are vital to every business from the smallest to giant organizations. Money transactions, customer service are just simple examples. Despite
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationBusiness Continuity Policy & Plans
Agenda Item 8.3a SNCCG Governing Body 11.03.2014 Business Continuity Policy & Plans Ref Number: Version: 1 Status: Pending Approval Author: A Brown Approval body Governing Body Date Approved Date Issued
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationBUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION
BUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION EXCERPT FROM THE FOREWORD TO THE 2ND EDITION The events of 9/11 have cast a long shadow over the world and led to a vital reappraisal of Enterprise Risk
More informationCreating a Business Continuity Plan for your Health Center
Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation
More informationFederal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT
More informationThis presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses.
1. An Introduction This presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses. This presentation was prepared by the South Central Economic
More information#316 The Security Elements of Business Continuity & Disaster Recovery Plans
#316 The Security Elements of Business Continuity & Disaster Recovery Plans Ken Doughty CISA CBCP ODAS kdoughty@ozemail.com.au Presentation Outline Introduction Overview of Business Continuity Security
More informationHow to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.
How to write a DISASTER RECOVERY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? CHAPTER PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN
More informationSuccess or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper
Success or Failure? Your Keys to Business Continuity Planning An Ingenuity Whitepaper May 2006 Overview With the level of uncertainty in our world regarding events that can disrupt the operation of an
More informationBusiness Continuity Policy
Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications
More information