Business Continuity for the New Professional
Britt Corra, Enterprise BCM
Erika Voss, Senior BCM
Agenda & Experience
- New to Business Continuity?
- 3-5 years experience?
- Seasoned veteran?
- What is BCM?
- Tool Kit
- Where do we begin?
- BCM is constantly changing and evolving

Disaster Recovery
- Critical IT systems supporting the business
- IT Service Continuity
- System replication
- Data replication
- Recovery sites vs. high availability
- DR tests

Business Continuity
- Program, policy, governance and standards
- Manage risk and exposure
- Develop recovery strategies
- Build continuity into the business
- Recover critical business processes

Resilience
- Automated recovery
- Geo-diverse
- Multi-instance
- Continuous data
- Operational resilience
- Reliability

Project Management
- Program governance, oversight, sponsorship
- Coordination of execution model
- Testing cycles
- Data repository
- Program refresh cycle

Certifications
- Disaster Recovery Institute (DRI)
- Business Continuity Institute (BCI)
- International Consortium for Organizational Resilience (ICOR)
- Program Management: PMI, ITIL

Industry Standards
- ISO 22301
- BS 25999
- ISO 27001
- ISO/PAS 22399:2007
- NFPA 1600

Exercises & Scenarios
- HSEEP
- Table Top
- Failovers
- Functional
- First Responders
- Natural Disasters, Man-Made, Technological
Performing the Exercise: Exercise Types
There are two basic types of exercises:
- Discussion Based
- Operations Based

Performing the Exercise
Discussion-Based Exercises
- Focus is primarily on strategic and policy concerns
- Validate roles and responsibilities
- Enable vetting of events that would normally disrupt business
- Identify gaps in resource planning
- Examples: Seminars, Workshops, Tabletop, Games / Orientations
Operations-Based Exercises
- Focus on interaction
- Validate plans, policies, agreements, and procedures solidified in discussion-based exercises
- Identify gaps
- Examples: Structured Walk-Through, Drill, Functional Exercises, Full-Scale Exercises

Classic Exercise Methodology
Exercise project management involves five phases:
1. Foundation
2. Design and Development
3. Conduct
4. Evaluation
5. Improvement Planning
Risk Environments
- Enterprise
- Small to Medium Businesses
- Supply Chains
- Operational Risk Assessments
- Business Impacts
- Dependencies

Approaching Risk

Hot Topics
- Supply Chain
- Enterprise Risk Environment
- Internet of Things
- Cloud
Supply Chain Council Charter
Driving Business Continuity
- Drive program ownership
- Understanding & awareness for Supply Chain BCP
- Bring key players to the table for suppliers
Steering Program Management
- Review/approve program objectives
- Set priorities for program execution
Supply Chain Recovery & Resiliency
- Logistics & Security
- Infrastructure: Road, Rail, Ports, Air, Labor Unrest
- Asset Protection: Cargo Damage/Theft, Warehouse
Managing and Mitigating Risks
- Review Supply Chain risks and mitigations
- Provide governance over risk mitigation
- Ensure necessary resources are available
- Validate that the Supply Chain can sustain a disruption
Manufacturing Standards
- ISO 14001, ISO 22301, and NFPA 1600
- Development with MSCIS & Security Ops
- Quality Assurance
- Capacity Planning
Audit & Compliance
- SOX, Regulatory Financial Reporting
- Trade / Fair-Trade or American Act
- Environmental
- Security Clearance
- Traffic & Arms
Tools
- Archer
- LDRPS
- ebrp
- ShadowPlanner
- Internal
- Mass Notification(s)
- SunGard Availability

Bridge Them Together
- What?
- Who?
- How?
- Why?
- When?
- Where?
- Next Steps?

Types of Plans
- Building plans
- BCPs
- DRPs
- SOPs (integration)
- ERPs
- Cyber Response
- Incident, etc.
The Plan, The Plan, The Plan, Boss

Professional Tool Kit
What goes in here?
- Grab n Go
- Professional Bag
- Response Expertise Blend
Questions

Britt Corra
Advisor, Enterprise Business Continuity
One Microsoft Way, Redmond, WA 98052
Tel: (425) 421-0889 | Mobile: (206) 818-2748
britco@microsoft.com

Erika Voss, CBCP, CHS-III, CORE, MBCI
Senior Business Continuity Manager
One Microsoft Way, Redmond, WA 98052
Tel: (425) 421-2403 | Mobile: (206) 817-9317
evoss@microsoft.com
References
- ANSI / NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs. National Fire Protection Association, http://www.nfpa.org
- British Standards: BCI Good Practice Guidelines, Sections 5 & 6; British Standard 25999, Parts 1 & 2; BS 25777:2008 Information and Communication Technology Continuity Management. www.thebci.org
- BS 25999-1:2006 Business Continuity Management, Part 1: Code of Practice. BSI Business Information, http://www.bsi-global.com
- Business Continuity Guideline: A Practical Approach to Emergency Preparedness, Crisis Management, and Disaster Recovery. ASIS, http://www.asisonline.org/guidelines/guidelines.htm