The Resilient IT Infrastructure
Jeremy Wong, Senior Vice President, BCM Institute
Republic Polytechnic, Block W4, Level 1, LR-W4B
25 November 2013
Jeremy Wong Senior Vice President Business Continuity Management (BCM) Institute jeremy@bcm-institute.org www.bcm-institute.org Senior Vice President GMH Continuity Architects Asia Pacific BCM Consulting Firm www.gmhasia.com
Jeremy Wong Nomura Head of BCM, South Asia United Overseas Bank Head of BCM Bax Global J. P. Morgan Andersen Consulting
Agenda
o How have business continuity and IT disaster recovery standards evolved?
o What are the IT DR competencies needed to sustain resiliency?
o What can we learn from IT disruptions in the last 12 months?
One component of having a resilient infrastructure is to have a good ... IT DISASTER RECOVERY
IT Disaster Recovery (DR)
o Is the ability of an organization to provide critical Information Technology (IT) and telecommunications capabilities and services, after it is disrupted by an incident, emergency or disaster.
o Recovers the disrupted IT and telecommunications capabilities to ensure CBFs can continue within a minimum period of time, pre-determined by the organization, to planned levels of operations.
Benchmarking your infrastructure with the recent international ... IT DR AND BCM STANDARDS
10 Benefits of Standards
1. Standards help you compete on a level playing field with bigger organisations
2. Standards open up export markets for your products and services
3. Standards help you discover best business practices
4. Standards drive efficiency in your business operations
5. Standards add credibility and confidence for your customers
6. Standards open new business opportunities and sales
7. Standards give you the competitive edge
8. Standards make your brand name internationally recognised
9. Standards help your company grow
10. Standards enable a common language to be used across an industry sector
Business Continuity and IT Disaster Recovery Standards
o SS507:2008 Singapore Standard for Information and Communications Technology Disaster Recovery Services
o ISO/IEC 24762:2008 Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services
o ISO/IEC 27031:2011 Information Technology: Security Techniques - Guidelines for ICT Readiness for Business Continuity
o ISO/IEC 22301:2012 Societal Security: Business Continuity Management
SS 507:2008 Singapore Standard for ICT Disaster Recovery Services
o Targeted at ICT DR service providers (internal and outsourced) that wish to get certified under the standard;
o Provides a basis to certify and differentiate the outsourced ICT DR service providers;
o Helps the end user organisations in selecting the best-fit service providers;
o Provides quality assurance;
o Establishes industry best practices to mitigate outsourcing risks
ISO/IEC 24762:2008 Guidelines for information and communications technology disaster recovery services
Aimed at aiding the operation of an Information Security Management System (ISMS) by providing guidance on the provision of information and communications technology disaster recovery (ICT DR) services as part of business continuity management
* ISO/IEC 27001 and ISO/IEC 27002 include a control objective for information security aspects of business continuity management
ISO/IEC 24762:2008 Guidelines for information and communications technology disaster recovery services
ISO/IEC 24762:2008 specifies:
o The requirements for implementing, operating, monitoring and maintaining ICT DR services and facilities;
o The capabilities which outsourced ICT DR service providers should possess and the practices they should follow, so as to provide basic secure operating environments and facilitate organizations' recovery efforts;
o The guidance for selection of recovery site; and
o The guidance for ICT DR service providers to continuously improve their ICT DR services.
ISO/IEC 27031:2011 Guidelines for ICT Readiness for Business Continuity
Effective BCM is frequently dependent upon effective ICT readiness to ensure that the organization's objectives can continue to be met in times of disruptions
* As part of the implementation and operation of an information security management system (ISMS) specified in ISO/IEC 27001
ISO/IEC 27031:2011 Guidelines for ICT Readiness for Business Continuity
ISO/IEC 27031:2011
o Describes the concepts and principles of information and communication technology (ICT) readiness for business continuity
o Provides a framework of methods and processes to identify and specify all aspects for improving an organization's ICT readiness to ensure business continuity
o Enables an organization to measure performance parameters that correlate to its IRBC in a consistent and recognized manner
Integration of IRBC and BCMS
IRBC: ICT Readiness for Business Continuity
BCMS: Business Continuity Management System
ISO/IEC 22301:2012 Societal Security: Business Continuity Management
Specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS).
The BCMS includes:
o Policy
o Roles and Responsibilities
o Management Processes
o Documentation
Convergence of BCM Standard
Managing a resilient infrastructure requires a team with strong ... IT DR COMPETENCY
BCM Body of Knowledge www.bcmpedia.org/wiki/bcm_body_of_knowledge_(bcmbok)
Competency Level Knowledge Skills
DR Competency
Key DR elements in addition to methodology and management processes:
o People
o Facilities
o Technology (Hardware/Network/Software)
o Data
o Processes
o Suppliers
Learning from disruption will help prevent future ... IT DISRUPTIONS
BCM Institute Profile
We are a global convergence of thought leadership in Business Continuity, Disaster Recovery and Crisis Management
o Global Professional Development and Qualification developed by Technical Experts and Thought Leaders
o Largest Continuity Training and Certification Organization in Asia Pacific
o Governed by Education, Examination and Certification Committees
o Delivered by Industry Practitioners, Professionals and Peers
o Learned by Professionals, Practitioners, Consultants, Auditors, Officials from all industry sectors of over 850 Organisations and Multi National Corporations (MNC) across 40 countries
Education; Certification & Professional Development; Thought Leadership
o Conducting and administering courses and exams.
o Providing a career path and a common body of knowledge for business continuity and disaster recovery professionals
o Organizing conferences and seminar events.
o Publishing technical and research papers
BCM Institute started in January 2005 Provide competency based BC, CM and DR training to all levels More than 1500 professionals from 40 countries. Started certification programme in April 2007 Certify BC and DR professionals globally
BICSI and BCM Institute
o BICSI focuses on developing professionals to build, manage and design IT systems such as datacentres
o BCM Institute (BCMI) focuses on developing professionals to plan, build and manage the IT-DR plan
If you are interested in this topic, send me a note on your view.
THANK YOU
Jeremy Wong, Senior Vice President
Mobile: +65 9794 3980
Tel: +65 6748 1528
Email: jeremy@gmhasia.com