Using the GPGs to Solve Business Continuity Problems


Presented by: Brian Zawada, FBCI, US Chapter Board President
www.thebci.org

What is the BCI?
- Founded in 1994, a Member-Owned, Not-for-Profit Professional Association of Business Continuity Professionals
- A global membership and certifying organization for business continuity professionals
- Over 8,000 members in more than 120 countries working in an estimated 3,000 organizations in the public and private sectors
- We stand for excellence in the business continuity profession
- Our certified grades provide unequivocal assurance of technical and professional competency

What is the BCI? What are the BCI's Objectives?
- Provide fundamental business continuity skills and specialized business continuity training to develop individual knowledge, skills, and capabilities.
- Provide members with access to peer-based networking opportunities, enabling them to share experiences and knowledge.
- It is the BCI's goal to be ESSENTIAL to a member's success in the business continuity and resilience profession.

Who can be a member of the BCI?
- Professionals seeking international recognition of their professional and technical competency in the BC discipline
- Individuals currently working in BC related functions who are seeking to improve their knowledge and understanding of the BC discipline
- Individuals who are looking to benefit from being part of a global network of like-minded professionals to share good practice in BC and related disciplines
- Newcomers to the discipline who are considering a career in BC or a related profession

A Global Membership
BCI Chapters: USA, Australasia, Canada, Swiss, SADC, Nordic, Asia, Belgium / Netherlands, Japan

What is the BCI USA Chapter?
- The USA arm of the BCI
- Founded: 2008 in Daytona Beach, FL
- 1000+ members and growing rapidly
- Our strategic goal is to make BCI membership to business continuity professionals in the United States
- USA Chapter Board Members: Rich Bogle, Ted Brown, John Jackson, Alice Kaltenmark, Paul Kirvan, Brian Mackay, Heather Merchan, Margaret Millett, Sean Murphy, Belinda Wilson, Brian Zawada

Why the BCI?
1. Internationally Respected Certification
2. Professional Growth
3. Networking
4. Content
5. Much More

Why the BCI #1 - Certification
A global certification brand aligned to industry best practices
Benefits to you and your organization:
- Credibility (recognition of competency)
- Opportunity
- Compensation
- Approach aligned to best practice

BCI Membership - Experience

Approach to Membership
1. Review the GPG
2. Take the Exam
3. Complete the Application
- Membership Level Based on Experience
- Summarize Your Experience
- References
Or

The Alternate Route to Membership
The Alternative Route to Membership was set up for holders of third party business continuity certifications to provide an alternative route to BCI Membership that did not require applicants to sit for the Certificate of the BCI (CBCI) examination but instead, recognize third party certifications as equivalent qualifications

The Alternate Route to Membership
The following qualifications and credentials have been identified as at least equivalent to the CBCI:
- ABCP
- CBCP
- MBCP
- ICOR CORS Exam

Why the BCI #2 Professional Growth
Training and Education
- Instructor-Led Training
- Custom Training
- E-Learning
- CBCI Exam Online
Mentoring Program

Training and Education
- Based on global good practice
- Delivered by a global network of BCI licensed training partners
- Instructors with years of practical experience to share
- Certification CBCI
- Introductory and Awareness training
- Specialist skills classes (Crisis and Incident Management, Writing Plans, Exercising etc.)
- Master classes (BIA, Developing the Plan, etc.)

Training and Education: Course Catalog (sample)
- The Good Practice Guidelines Training Course (3 or 5-Day)
- The BCI BCM Audit Course
- The BCI BIA Training Course (2-day)
- The BCI Supply Chain Continuity Management Course
- The BCI Crisis & Incident Management Course
- The BCI Writing Business Continuity Plans Course
- The BCI Diploma

Mentoring
- Mentors actively work in Business Continuity or related Professions
- All Mentors are qualified and experienced Business Continuity professionals and hold either an FBCI, AFBCI or MBCI
- Mentors and Mentees are carefully matched by the BCI based on learning and development needs
- Share knowledge and expertise
- Contribute to the growth of Business Continuity as a recognized discipline in industry
- Support the and personal development of new and young professionals
Interested? Email membership@thebci.org for an application

Why the BCI #3 - Networking
Largest Global Network of BCM Professionals
Organized as:
- Chapters: Asia, Australia, Belgium / Netherlands, Canada, Japan, Nordic, South Africa, Switzerland and United States
- Forums: UK and Europe, Africa, Canada, Asia, Middle East, South America
- Global Conference
- USA Conferences and Association Participation
- BCAW
- BCM Executive Forum
- Consultant Directory

Why the BCI #4 - Content
- The BCI Good Practice Guidelines
- Continuity Magazine
- The BCI enewsletter
- BCI Benchmark Special Reports (topical and lessons learned)
- C-Suite Toolkit
- Surveys, benchmarking and white papers
- Other free webinars

The BCI Good Practice Guidelines
A Guide to Global Good Practice in Business Continuity
- The most comprehensive and independent view of current thinking in Business Continuity
- Provides not just the what to do, but answers the why, how and when of good BC practice
- Written by BC professionals for BC professionals
- Used in training and examining individuals and organizations (our body of knowledge)
- Aligned to ISO 22301
- Reference material for academic institutions

What is the BCI? How can I get a copy of the BCI's Good Practice Guidelines (2013)?
- BCI members can download a free pdf version from the Members Area
- Non-members can purchase a pdf version from the BCI website www.thebci.org

Why the BCI #5 Much More
- Discounts
- Job listings and postings
- Advocacy (government and academia)
- Continuing Professional Development (CPD) System

The Six Professional Practices

The BCI's Definition of Business Continuity
The capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident.
Source: ISO 22301:2012

GPG Alignment to ISO 22301?
- Responsibilities of Top Management
- Setting strategic objectives
- Resources for business continuity
- The importance of the BIA and a stronger link to the organization's approach to risks and threats
- Resource requirements, skills and competence of people involved
- Training, awareness and communications
- Document management
- Exercising and testing
- Monitoring performance and measuring value of business continuity

GPG Alignment to ISO 22301?
ISO 22301 | BCI GPG's (2013)
4.1 Understanding of the organization and its context | PP1 Policy & Program Management
4.2 Understand the needs and expectations of interested parties | PP1 Policy & Program Management
4.3 Determining the scope of the business continuity management system | PP1 Policy & Program Management
5.1 Leadership and commitment | PP1 Policy & Program Management
5.2 Management commitment | PP1 Policy & Program Management
5.3 Policy | PP1 Policy & Program Management
5.4 Organizational roles, responsibilities and authorities | PP1 Policy & Program Management
6.1 Actions to address risks and opportunities | PP1 Policy & Program Management
6.2 Business continuity objectives and plans to achieve them | PP1 Policy & Program Management
7.1 Resources | PP1 Policy & Program Management
7.2 Competence | PP2 Embedding Business Continuity
7.3 Awareness | PP2 Embedding Business Continuity
7.4 Communication | PP2 Embedding Business Continuity
8.1 Operational planning and control | PP1 Policy & Program Management
8.2 Business impact analysis and risk assessment | PP3 Analysis
8.3 Business continuity strategy | PP4 Design
8.4 Establish and implement business continuity procedures | PP5 Implementation
8.5 Exercising and testing | PP6 Validation
9.1 Monitoring, measurement, analysis and evaluation | PP6 Validation
9.2 Internal audit | PP6 Validation
9.3 Management review | PP2 Embedding Business Continuity; PP6 Validation
10. Nonconformity and corrective action | PP6 Validation
10.2 Continual Improvement | PP6 Validation

PP1 Policy and Program Management
Defines an organization's policy relating to BC, how it will be implemented, controlled and validated through a BCM program
- Setting BC Policy and determining the scope of the BCM program
- Defining governance and assigning roles and responsibilities
- Implementing a BCM program, managing documentation using program and project management techniques
- Managing outsourced activities and supply chain continuity
BCI Good Practice Guidelines 2013

Policy and Program Management
The BCM program operates at three levels:
- Strategic: Decisions are made and policy is determined
- Tactical: Operations are coordinated and managed
- Operational: Activities are undertaken
BCI Good Practice Guidelines Training Course Module One Version 1.0

PP2 Embedding Business Continuity
The Management Professional Practice that continually seeks to integrate BC into day-to-day business activities and organizational culture
- Organizational Culture
- Skills and Competence
- Managing a Training Program
- Managing an Awareness Campaign

PP3 Analysis
Reviews and assesses an organization in terms of what its objectives are, how it functions and the constraints of the environment in which it operates.
- Business Impact Analysis (BIA)
- Threat Analysis (includes risk assessment)

PP4 Design
Identifies and selects appropriate strategies and tactics
- Continuity and Recovery Strategies and Tactics
- Threat (Risk) Mitigation Measures
- Incident Response Structure

PP5 Implementation
Executes the agreed-upon strategies and tactics through the process of developing plan documentation
- Business continuity plans
- Developing and managing plans at a strategic, tactical and operational level

PP6 Validation
Confirms the BCM program meets objectives set in the BC Policy and that plans are fit for purpose
- Developing an exercise program
- Developing and running exercises
- Maintenance of the BCM program
- Review of the BCM program

How the GPG's Help Solve Problems!

My Top 6 Problems (Case Study)
GPG | Problem | Description
PP1 Policy and Program Management | Management Engagement | My steering committee isn't coming to meetings anymore or they've delegated their role.
PP2 Embedding Business Continuity | Participation | The VP from Department X assigned his administrative assistant as his group's planner.
PP3 Analysis | Focus | We have 1000 plans in our software tool but we're not sure we're recovering what truly matters.
PP4 Design | Proactive vs Reactive (and scope) | We seemed to be laser focused on reacting to events. Shouldn't we be equally focused on preventing disruption in the first place? Also, when it comes to being reactive, is it strange we seem to be predominantly focused on IT?
PP5 Implementation | Templates vs Plans | No one seems to use the plans we've documented. And why would they all read the same, almost as if they're templates!
PP6 Validation | Measurement | We have 1000 plans, all updated in the last 12 months but we're not sure if we're actually ready for a disaster.

PP1 Policy and Program Management
"My steering committee isn't coming to meetings anymore or they've delegated their role."
Root Cause: The program is focused on planning activities rather than what it's protecting and the performance of response/recovery strategies.
Solution: Speak their language in terms of scope (product/services) and program objectives.

PP2 Embedding Business Continuity
"The VP from Department X assigned his administrative assistant as his group's planner."
Root Cause: Role-specific competencies aren't defined.
Solution: For each role, define the skills and experiences necessary to be successful, and then measure the assignment process; drive competency improvement.

PP3 Analysis
"We have 1000 plans in our software tool but we're not sure we're recovering what truly matters."
Root Cause: Management has not defined priorities in terms of products and services, and because of that, the program focuses on every box on the organizational chart.
Solution: Perform strategic, tactical and operational level business impact analyses in order to bring focus to the program.

PP4 - Design
"We seemed to be laser-focused on reacting to events. Shouldn't we be equally focused on preventing disruption in the first place? Also, when it comes to being reactive, is it strange we seem to be predominantly focused on IT?"
Root Cause: The organization isn't focused on controls to mitigate risk; rather, it's all about focusing on reacting to risk, with too much of a focus on one specific resource: IT.
Solution: Use the risk assessment to identify and implement control enhancement; and identify strategies to address a loss of all resources: facilities, people, equipment, IT and suppliers/service providers.

PP5 - Implementation
"No one seems to use the plans we've documented. And why do they all read the same, almost as if they're templates?"
Root Cause: Procedures fail to support the response and recovery decision-making process.
Solution: Ensure procedures answer the key questions: what, who, where, when and how.

PP6 - Validation
"We have 1000 plans, all updated in the last 12 months but we're not sure if we're actually ready for a disaster."
Root Cause: The business continuity program is measuring success based on the execution of activities rather than the performance of strategies.
Solution: Determine if you can recover products and services consistent with management expectations and report on that!

GPG Related Conclusions
- ISO 22301 and the GPG's help improve performance
- ISO 22301 is written for the organization, the GPG's are written for the business continuity professional tasked with implementing best practice
- Both documents leverage the equivalent of centuries of experience to focus on the best practices necessary to ensure organizations proactively mitigate continuity-related risk and respond/recover appropriately

Summary: Why the BCI?
- New training programs (in-person and webinar-based)
- Complementary webinars and print content to introduce emerging practices and member experiences
- Research and other publications to add value to your career and employer
- A renewed mentoring program that matches BCI members based on geography, industry, expertise and need
- An Executive Forum for senior business continuity practitioners in the US to collaborate and share ideas, modeled after the successful approach used by the BCI in Europe
- A new membership level aimed at the experienced practitioner, the AFBCI
- Continued, strong partnerships with DRJ and Continuity Insights
These and other US-focused services are in addition to the excellent benefits of the BCI overall

To find out more about BCI Certification, Membership, Training & Education, or Partnership, visit us in the Ballroom or go to: www.thebci.org and follow the links

Join us or connect with us today
www.thebci.org
http://www.thebci.org/index.php/home/us-chapter-home
Twitter: @BCI_US_Chapter
LinkedIn: BCI USA
The Business Continuity Institute US Chapter
Abby Horan
703.637.4407
Membership@thebci.org