Business Continuity Management Emerging Trends




Business Continuity Management Emerging Trends
Samir Shah, CA, CISA, DISA, CIA, CISSP, CFE, ISO 22301 LI
Associate Director, Axis Risk Consulting
March 2013

Outline

1. Business Trend and Emerging Technology Impact on BCM
2. Emerging Technology Benefits for BCM
3. Risk Management, Governance and Assurance Trends
4. Implementation Trends - ISO Certified BCMS
5. Implementation Trends - Threat Assessment Efficiencies
6. Implementation Trends - Integration with ERM Tools
7. Implementation Trends - Leveraging public email services
8. Implementation Trends - Virtual Desktop Infrastructure
9. Implementation Trends - Work from Home - Work from Anywhere
10. Implementation Trends - Crisis Management Call Tree

Business Trend and Emerging Technology Impact on BCM

Rapidly Changing Business Environment: The rapid pace of business and technology changes, coupled with increasing performance expectations from customers, employees and management, applies constant pressure on IT infrastructures and supporting teams to provide around-the-clock availability and minimize planned and unplanned disruptions.

Global Operations: The shift of IT services to specialized third-party service providers is driving higher expectations of greater utilization and efficiency. There are also new threats and vulnerabilities to business performance, security and continuity arising from growing interdependencies with third-party service providers.

Regulatory Scrutiny: The dispersed storage or processing of data exposes enterprises to potential legal and regulatory risk. It is vital that enterprises secure, under contract, the right to know the ultimate location of their data and define clear roles, responsibilities and liabilities relative to legal and regulatory requirements.

Emerging Technologies: Enterprises need to adopt technologies that enable high-availability systems, real-time communications and faster recovery times while minimizing IT cost. Advances in telecommunications, more user-friendly technology, improved data storage solutions, cost-effective virtualized environments, cloud computing, mobile devices and social networks.

Source: An ISACA Emerging Technology White Paper, December 2012

Emerging Technology Benefits for BCM

Recovery Time and Data Loss
- Advances in data storage and replication capabilities
- Better backup technologies, server virtualization
- Disaster recovery plans that take advantage of virtualization require fewer physical resources and administrative personnel
- New parameters for RTO and RPO

Improved Resilience
- Server virtualization and cloud computing provide the ability to move applications to temporary environments
- Virtual desktop infrastructure (VDI) enables more distributed work forces and access to critical applications during a disaster
- Cloud computing services: DRaaS, BaaS, STaaS and SaaS

Cost Efficiency
- Virtualization, virtualized servers and cloud computing reduce the number of IT assets and administrative personnel, can be used to test DR and BC plans, and save money by turning off services after testing is complete
- Mobile devices may be a cheaper option than providing traditional computer equipment for home use or for temporary use; similarly, social networks could be leveraged for communication to larger audiences

Communications
- Automated notification systems have replaced manual call-tree processes
- Offsite storage of plans; plans on mobile devices
- Social networks can be an efficient way to communicate during a disaster

Source: An ISACA Emerging Technology White Paper, December 2012

Risk Management, Governance and Assurance Trends

Risk Management
- The analysis must be updated as business processes, organizations and IT systems change
- The level of complexity involved in mapping applications and services to business processes to facilitate an effective BIA represents a challenge for many enterprises

Governance
- Appropriate governance forum; may be the common forum for overall risk, for better representation, co-ordination and integration
- Adequate policies requiring management to implement and maintain a BCM program
- RACI chart for the key governance and management practices

BCM Assurance
- The primary assurance consideration: ascertain whether the enterprise has a mature process to assess risk related to changes and properly modify BCM strategies accordingly

Standards
- ISO 22301, ISO 27031, FFIEC

Frameworks & Best Practices
- COBIT, Risk IT, ITIL

Source: An ISACA Emerging Technology White Paper, December 2012

Implementation Trends - ISO Certified BCMS

Certification Trends
- Analysis of BS 25999 vis-à-vis ISO 22301
- BS 25999 certified organizations are on the transition path to ISO 22301
- Some organizations have started looking at BCMS certification to integrate into the existing ISO frameworks
- Opportunity to also align everything into Enterprise Risk Management - ISO 31000 is specifically referred to in the standard for Risk / Threat Assessment integration

ISO 22301 Elements
- Interested Party Analysis: Citizens, Customers, Distributors, Shareholders, Investors, Owners

Implementation Trends - ISO Certified BCMS

Activities by Phase (Plan, Do, Check, Act)

Plan
- Understand the organization
- Expectation of interested parties
- Scope of Management Systems
- BCMS and policy
- Roles, Responsibilities and Authorities
- BC Objectives
- Actions to address risk & opportunities
- Resources, Competence
- Awareness & Communication

Do
- Operational Planning & Control
- Business Impact Analysis
- Risk Assessment
- BC Strategy
- Establish & implement BC procedures
- Exercising and Testing

Check
- Monitoring, Measurement, Analysis and Evaluation
- Internal Audit
- Management Review

Act
- Treatment of Nonconformities
- Continual Improvement

[Figure: Continuous Improvement Life Cycle (Plan, Do, Check, Act)]

Implementation Trends - Threat Assessment Efficiencies

Efficiencies in TA
- Generic site / facility specific TA
- Repetitive threats at process level pose challenges in consistency, maintainability and usability
- Segregating Threat Assessment into separate domains specific to site and process brings in effectiveness and efficiency
- Supplemental process specific TA

Implementation Trends - Integration with ERM Tools

Integration Advantages
- Snapshot of risk, including BCM risk
- Consolidate business continuity and disaster recovery plans, business processes, impact analyses and recovery procedures to allow efficient governance.
- Test your business continuity and disaster recovery plans to identify process gaps, determine the time it will take to restore business processes and infrastructure, and ensure that all dependencies have been captured.
- Report crisis situations that occur anywhere in the organization, including natural disasters, workplace violence, product tampering, terrorist attacks, etc.
- In the event that a crisis occurs, enable rapid contact with emergency responders through phased notification plans designed for specific business units, departments or facilities.
- Gain an enterprise view of the business continuity program through flexible reporting capabilities.
- Report in real time on plan testing, gap analyses and remediation efforts, and gain a real-time view of current and historical crisis

Implementation Trends - Leveraging public email services

- Low cost, high availability
- Minor configuration tweaks during disaster
- Email is seen as the lifeline of the organization's communication, and restoring it during a major IT disaster is always a challenge
- Increasingly, public domain email services are leveraged for immediate recovery
- Additional risk assessment of data confidentiality
- Temporary corporate mailbox

Implementation Trends - Virtual Desktop Infrastructure

Virtual Desktop Infrastructure Practices

Virtual Desktop Infrastructure Implementation: Virtual desktop infrastructure (VDI) has a positive impact on BCM because it enables more distributed work forces and access to critical applications during a disaster. As long as employees can access the Internet, they will have access to applications configured to be delivered using virtual desktops; this can minimize productivity loss and reputational damage resulting from poor customer support during an outage. Leveraging VDI as part of the BCM strategy can help reduce the cost associated with work area recovery because the efforts to recover physical facilities may be spread over longer periods of time without sacrificing productivity or efficiency.

Implementation Trends - Work from Home - Work from Anywhere

WFH - WFA
- Traditional Work From Home
- With the penetration of smartphones and smart handheld computing devices, many more options have opened up for disaster recovery strategies
- All critical processes could be supported during disaster scenarios with the required voice and data capabilities
- Work from Anywhere Options

Implementation Trends - Crisis Management Call Tree

ANS Advantages

Automated Notification Systems: Automated notification systems have replaced manual call-tree processes. These automated systems can be linked to human resource (HR) databases to update employee information efficiently and in a timely manner, thus reducing the risk of using outdated contact information during a critical time. Messages can be distributed using voice, short message service (SMS) or email and received using mobile devices.

This document has been developed by Axis Risk Consulting ("Axis") and will remain its property, and as such, the contents may not be disclosed to any third party, nor may any original concept devised by Axis be used commercially.

www.axisindia.co.in

CONTACT INFORMATION
Samir Shah, Associate Director
Samir.Shah@axisindia.co.in
+91 9820454123

Mumbai: Nishuvi, 3rd Floor, 75, Dr Annie Besant Road, Worli, Mumbai 400 018, +91 (22) 6155 1000
Gurgaon: 1st Floor, 22-B, Sector 18 - Udyog Vihar, Ph IV, Gurgaon 122 002, +91 (124) 428 4600
Bangalore: Gr Floor, Bldg 2, Salarpuria Softzone, Outer Ring Road, Bellandur, Varthur Hobli, Bangalore 560 103, +91 (80) 3041 3000
New York: 1251 Avenue of the Americas, Suite 4100, New York, New York 10020, +1 (804) 893-3349
London: Genpact UK Limited, 64 Baker Street, London W1U 7GB, +44 (207) 535 5400
Sydney: Darling Park, Tower 2, 201, Sussex Street, Sydney 2000, Australia, +61 (29) 006 1171

2007 Axis Risk Consulting. All rights reserved. 2013 Axis Risk Consulting. All rights reserved.