BCP/DR Reporting Metrics


Session D15: Telling Management the WHOLE Story
Joe Flach / Safe Harbor Consulting

Session Agenda
I. Introductions
II. Reporting Requirements
III.
IV.
V. The Adjusted Recovery Confidence Factor
VI. Back Pocket Readiness
VII. Questions and Answers

Introductions
Hello!

Reporting Requirements

General Requirements
- Foreign Corrupt Practices Act, 1977
- Sarbanes-Oxley Act of 2002
- The Occupational Safety and Health Act (OSHA)
- SEC Regulations
- NYSE Rule 446
- NASD Rules 3510 & 3520

Industry-Specific Requirements (Industry: Regulation)
Healthcare: HIPAA of 1996; FDA Code of Federal Regulations Title XXI, 1999
Government: FISMA 2002, Title III of the E-Gov. Act; COOP and COG Federal Prep Circular 69, 1999; NIST Special Publication 800-34, 2002; NIST 800-53, 2005
Finance: FFIEC Handbook, Chapter 10, 2003-2004; Basel II, 2002; Interagency Paper on Sound Practices, 2003; EFA Act, 1989
Utilities: GASB Statement Number 34, 1999; NERC 1200 (1216.1), 2003; FERC RM01-12-00 Appendix G, 2003; RUS 7 CFR Part 1730, 2005

Who You Are Reporting To
Typical duties of boards of directors include: governing the organization by establishing broad policies and objectives; selecting, appointing, supporting and reviewing the performance of the chief executive; ensuring the availability of adequate financial resources; approving annual budgets; accounting to the stakeholders for the organization's performance; setting the salaries and compensation of company management.
From: Wikipedia: http://en.wikipedia.org/wiki/board_of_directors

The Reporting Challenge
- You are just one of many items on a full agenda.
- You are limited to 15 minutes or less.
- You are speaking to a room of people in which no one has a background in this field.
- You are speaking to a room of people who have a limited interest in your topic.
- You are speaking to people who are strategic planners, not tactical thinkers.
- You are standing in the way of a more interesting topic, lunch or liquid refreshments.

Responsibilities
The Board of Directors is responsible for ensuring the company has an adequate Business Continuity Program in place to protect the best interests of all corporate stakeholders.
The Business Continuity Planner is responsible for educating and informing Sr. Management on the business continuity posture, risks/threats and potential impacts from interruptions.
The Business Continuity Planner is responsible for positioning the BOD to make informed and educated decisions regarding the Business Continuity Program.
The worst thing that can happen to a Business Continuity Planner is to have Sr.

Do Not Report on Activity. Do Report on Recovery Posture.

ARE WE RECOVERABLE?

The Adjusted Recovery Confidence Factor

    ARCF = (CBUTested / CBUTotal) x CA x DA

CBUTested = Number of Critical Business Units SUCCESSFULLY tested
CBUTotal  = Number of total Critical Business Units
CA = Confidence Adjuster: % confidence that we have identified the right CBUs
DA = Documentation Adjuster: % of our program that is adequately documented

CBUTested
Emphasis on the word "successfully". A critical business unit is successfully tested when it is validated that its business processes can be recovered within the established RTO. You will be unsuccessful

The Confidence Adjuster
A subjective measurement of how confident you are that your program has identified the right Critical Business Units. Supports the need for a Business Impact Analysis (BIA) to validate the CBUs.

The Documentation Adjuster
Measures what percentage of the program is supported by documented plans.

Back Pocket Readiness
The individual components of the ARCF allow you to tell the whole story and to focus on those parts of the program that demand attention. Be prepared to answer these other questions:
- Are we compliant?
- How do we compare to our peers?
- What could possibly cause an interruption to our operations?
- And: What can/should we do to improve our ARCF?
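The ARCF computed over per-unit test results, as an added example that is not part of the presentation: it applies the "successfully tested" rule (recovered within the established RTO), multiplies in CA and DA, and reports which component and which units are pulling the factor down. The CbuTest records, the sample RTOs and recovery times, and the CA/DA values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class CbuTest:
    name: str
    rto_hours: float                  # established Recovery Time Objective
    recovered_hours: Optional[float]  # measured recovery time in last exercise; None = never tested

def successfully_tested(t: CbuTest) -> bool:
    # "Successfully" means the processes were recovered within the established RTO.
    return t.recovered_hours is not None and t.recovered_hours <= t.rto_hours

def arcf_report(tests, confidence_adjuster: float, documentation_adjuster: float) -> dict:
    # CA and DA are percentages expressed as 0.0 - 1.0.
    for label, adj in (("CA", confidence_adjuster), ("DA", documentation_adjuster)):
        if not 0.0 <= adj <= 1.0:
            raise ValueError(f"{label} must be between 0 and 1, got {adj}")
    cbu_total = len(tests)
    cbu_tested = sum(1 for t in tests if successfully_tested(t))
    test_ratio = cbu_tested / cbu_total if cbu_total else 0.0
    components = {
        "test_ratio": test_ratio,
        "confidence_adjuster": confidence_adjuster,
        "documentation_adjuster": documentation_adjuster,
    }
    return {
        "arcf": test_ratio * confidence_adjuster * documentation_adjuster,
        "cbu_tested": cbu_tested,
        "cbu_total": cbu_total,
        "components": components,
        # The factor closest to zero is the one dragging the ARCF down.
        "weakest_component": min(components, key=components.get),
        "failed_rto": [t.name for t in tests
                       if t.recovered_hours is not None and not successfully_tested(t)],
        "untested": [t.name for t in tests if t.recovered_hours is None],
    }

# Constructed sample: five CBUs with made-up RTOs and last-exercise results.
SAMPLE_TESTS = [
    CbuTest("Payments", 4, 3.5),
    CbuTest("Claims", 8, 10),             # recovered, but outside its RTO: not a success
    CbuTest("Payroll", 24, 20),
    CbuTest("Customer portal", 2, None),  # never exercised
    CbuTest("Email", 12, 12),
]

if __name__ == "__main__":
    r = arcf_report(SAMPLE_TESTS, confidence_adjuster=0.8, documentation_adjuster=0.75)
    print(f"ARCF = {r['cbu_tested']}/{r['cbu_total']} x CA x DA = {r['arcf']:.2f}")
    print("Weakest component:", r["weakest_component"])
    print("Failed RTO:", r["failed_rto"], "Untested:", r["untested"])
```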

Thank You jflach@safehorborconsulting.biz www.safeharborconsulting.biz http://www.facebook.com/pages/safe-harbor-consulting/204353729604053