SAMPLE REPORT
Business Continuity Gap Analysis Report
Prepared for XYZ Business by CSC Business Continuity Services
Date: xx/xx/xxxx
COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11
Contact Details

CSC Contacts: Contact Name, Title, Telephone
Client Contacts/Interviewees: Contact Name, Title, Telephone
Distribution (Additional Client Distribution): Name, Title

Document Classification
Commercial Caveat: COMMERCIAL-IN-CONFIDENCE
Privacy and/or Security Caveat: SECURITY-IN-CONFIDENCE
Overall Classification: COMMERCIAL-IN-CONFIDENCE

Release Authorisation: Task, Name, Title, Date

Disclaimer
This document has been prepared for XYZ Business by CSC Australia Pty Ltd and describes the findings of a Business Continuity Gap Analysis. It has been prepared on the basis of information that was made available to CSC and is subject to change should new information become available.
Contents
Contact Details
  CSC Contacts
  Client Contacts/Interviewees
  Distribution
  Document Classification
  Release Authorisation
  Disclaimer
Contents
Executive Summary
Introduction
  Background
  Objective
  Approach
  Scope
Findings and Recommendations
  Summary of Findings
  Business Continuity Program Management
  Business Continuity Policy
  Business Impact Assessment (BIA)
  Risk Assessment (RA)
  Business Continuity Strategies (Corporate, Process and Resource level)
  Business Continuity Plans (BCP)
  Crisis Management Plan
  Business Continuity Training and Awareness
  Business Continuity Testing
  Business Continuity Monitoring
  Business Continuity Audit
Executive Summary

As a result of a recent audit finding regarding the maturity of XYZ's Business Continuity Management (BCM), CSC Business Continuity Services was engaged by the CIO of XYZ to review their BCM framework. The work was undertaken by Mr John Smith of CSC at XYZ's Sydney head office from 12 January 2015 to 15 February. The principal aims of the project were to:
- assess the gaps in the Business Continuity Management (BCM) Program of XYZ with respect to the requirements of the ISO 22301/APRA standards; and
- provide recommendations to close the gaps, together with a roadmap to improve the BCM program to the desired level of maturity.

CSC found that while there is a basic Business Continuity Management Program, there are weaknesses in the links between recovery strategies and XYZ's business continuity plans. Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for critical services and key ICT systems need to be identified in order to put appropriate strategies in place. We have raised 16 findings for the XYZ BCM program, which we believe need to be prioritised as per the recommendations contained in the Findings & Recommendations section of this report. The key findings are:
- Third-party agreements/arrangements, where XYZ relies on key suppliers and services, have not been included within the Business Continuity Plan framework.
- The Business Continuity Plan (BCP) does not have clear escalation procedures or details of the tasks that need to be carried out during the course of a disaster event.
- The Business Impact Analysis (BIA) does not properly prioritise the critical processes at the time of a disaster event.
- Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) have not been identified for the recovery of critical services and key IT systems. RTO and RPO assigned to critical activities allow management to recover key systems in a way that minimises the impact on the XYZ business and is in line with expectations for the recovery of XYZ services.
- A complete Risk Analysis (RA) encompassing facilities, people, IT infrastructure and utilities has not been completed to address all the threats and controls to the business.
- From a compliance point of view, the current BCP framework needs to be revised to meet the ISO 22301/APRA standard requirements.
- The role of IT in the other business continuity plans needs to be further coordinated.
- The output of the business continuity and disaster recovery tests has not been formally presented to or accepted by management. Management should have the opportunity to comment or make recommendations based on test outcomes.
- There is no formal crisis communication plan in place to communicate with internal employees and external stakeholders, including customers and the media, during the course of a disaster event.

Full details of the gap analysis findings and recommendations are contained in the body of this report.
Introduction

Background
XYZ Business is a boutique industry service established in and is a global leader in its industry domain, headquartered in Sydney, Australia. In its mission for growth, one of the key areas identified by XYZ Management is to ensure the continuance of critical business functions under all circumstances. There is therefore a need for a well-defined and structured Business Continuity Program to ensure the business is minimally impacted in the event of a disaster and can continue to operate.

As a result of a recent audit finding regarding the maturity of XYZ's Business Continuity Management (BCM), CSC Business Continuity Services was engaged by the CIO of XYZ to review their BCM framework. The work was undertaken by Mr Ashish Dahiya of CSC at XYZ's Sydney Head Office from 12 January 2015 to 15 February. This document, the BCM Gap Analysis report, is intended to highlight the gaps observed in the Business Continuity Management structure and in the BCM documentation required to comply with the mandatory requirements of APRA/ISO. The CIO will present the findings and recommendations contained in this report to the Risk Governance Steering Committee at its next meeting, scheduled for 13 April.

Objective
The objective of the Gap Assessment was to understand the gap between what is required by the business continuity methodology (ISO 22301/ISO) and what is in place at XYZ. This report details these findings.

Approach
The project approach was to collect data via a CSC-developed gap analysis survey, completed by the identified BC stakeholders at XYZ. The aggregated survey data has been analysed and the results are contained in this report. This report contains findings, conclusions and recommendations based on the information supplied by the XYZ representatives who participated in the survey.

Scope
In accordance with the agreed terms of reference, CSC has undertaken the Business Continuity Management (BCM) Program assessment to cover the following BCM program components at XYZ's Sydney Head Office:
- the existing Business Continuity and Disaster Recovery plans framework
- existing BIA (Business Impact Analysis) and RA (Risk Analysis) reports (if any)
- recovery strategies in place
- the Crisis and Emergency Management plan
- the BC and Disaster Recovery (DR) testing approach and past outcomes
- training and awareness materials and approach
- continual improvement records

The overall objective of this gap analysis was to provide a high-level BCM program assessment report to XYZ Executive Management with all reasonable key findings and recommendations.
Findings and Recommendations

Summary of Findings
The following graph highlights the current perceived level of maturity against the primary domains of a Business Continuity Program, with 0 being the lowest and 5 the highest.

Figure 1: Business Continuity Domain Maturity

Figure 2 below maps the level of maturity against industry-standard ranges for each of the domains, and maps the maturity levels required or expected that XYZ wishes to obtain. The expected level required will determine the level of activity in the recommendations that XYZ will need to undertake.

Figure 2: Business Continuity Industry Vertical Maturity
Business Continuity Management (BCM) Program

Findings:
1. BCM Program roles and responsibilities are not defined and documented. (Supporting documentation: BCM framework, Doc #)
2. BCM Program competencies should be clearly established and documented.

Recommendations: A BCM Program organisation structure should be in place, and the roles and responsibilities should be clearly defined and documented in the BCM framework. The BCM Program steering committee should ensure that it has competent personnel in the BC team, and that this is documented in the Business Continuity framework. Training should be provided to these personnel on an ongoing basis to improve and maintain their competency.

Business Continuity Program Management

Finding:
1. The objective of the Business Continuity Management Program has to be further refined to incorporate the obligations, acceptable level of risk, statutory or regulatory requirements and interests of key stakeholders.

Recommendation: The scope and objectives should be documented with regard to:
a) requirements of business continuity
b) organisational objectives and obligations
c) acceptable level of risk
d) statutory, regulatory and contractual duties
e) interests of key stakeholders
Further, this should form part of the policy section of the framework document (Doc #).

Business Continuity Policy

Finding:
1. The policy does not clearly document the scope of the Business Continuity Management Program, including any exclusions or limitations.

Recommendation: The policy section should clearly incorporate the objectives and scope, including any limitations and/or exclusions. The scope should clearly identify the locations of the organisation and the departments covered.

Business Impact Assessment (BIA)

Findings:
1. BIA working sheets are not available.
2. Because the BIA working sheets are not available, the RTO and RPO calculation is not clear, and a Maximum Tolerable Period of Disruption (MTPD) value has not been obtained.

Recommendations: BIA working sheets should be made available to management, together with the Recovery Time Objective (RTO), Recovery Point Objective (RPO) and Maximum Tolerable Period of Disruption (MTPD) values, for their approval. These sheets will assist them to determine the priority and order of recovery for critical business processes during any disaster event. XYZ should conduct a fresh BIA to derive the relevant RTO and RPO calculations, and these BIA working sheets should be made available to management and business unit heads for their approval. Further, MTPD should also be established to comply with the ISO 27001/ standards; for each process the RTO must be shorter than its MTPD, otherwise the recovery target does not meet the tolerance the business has stated. A BIA methodology should also be established for compliance purposes.
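As an added example (not code from the CSC report or from XYZ), the following Python script performs the consistency checks a reviewer would run over a BIA working sheet once one exists: it flags processes with a missing RTO, RPO or MTPD, flags any process whose RTO is not shorter than its MTPD, notes rows with no recorded management approval, and derives a recovery order (shortest MTPD first, then shortest RTO). The worksheet layout, the column names and the sample rows are assumptions constructed for illustration.

```python
"""BIA worksheet consistency checks and recovery ordering.

Added example, not part of the CSC report. It assumes a worksheet with one
row per critical process carrying RTO, RPO and MTPD in hours plus the
approver; the rows below are constructed for illustration.
"""
import csv
import io
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample worksheet: process names, units and figures are illustrative.
SAMPLE_WORKSHEET = """process,business_unit,rto_hours,rpo_hours,mtpd_hours,approved_by
Payment processing,X,4,1,8,
Customer portal,X,8,4,24,CIO
Payroll,Y,48,24,72,CFO
Marketing analytics,Y,72,,168,COO
Trade settlement,X,12,2,8,CIO
"""


@dataclass
class BiaRow:
    process: str
    unit: str
    rto: Optional[float]   # Recovery Time Objective, hours
    rpo: Optional[float]   # Recovery Point Objective, hours
    mtpd: Optional[float]  # Maximum Tolerable Period of Disruption, hours
    approved_by: str       # empty string when no approval is recorded


def _hours(value: str) -> Optional[float]:
    """Blank cells become None so a missing figure is reported, not treated as zero."""
    value = value.strip()
    return float(value) if value else None


def parse_worksheet(text: str) -> List[BiaRow]:
    reader = csv.DictReader(io.StringIO(text))
    return [
        BiaRow(
            process=r["process"].strip(),
            unit=r["business_unit"].strip(),
            rto=_hours(r["rto_hours"]),
            rpo=_hours(r["rpo_hours"]),
            mtpd=_hours(r["mtpd_hours"]),
            approved_by=r["approved_by"].strip(),
        )
        for r in reader
    ]


def check_row(row: BiaRow) -> List[str]:
    """Findings for one process; an empty list means the row is complete and consistent."""
    findings = []
    for name, value in (("RTO", row.rto), ("RPO", row.rpo), ("MTPD", row.mtpd)):
        if value is None:
            findings.append(f"{name} not set")
    # The recovery target must be reached before the disruption becomes intolerable.
    if row.rto is not None and row.mtpd is not None and row.rto >= row.mtpd:
        findings.append(f"RTO {row.rto:g}h is not shorter than MTPD {row.mtpd:g}h")
    if not row.approved_by:
        findings.append("no management approval recorded")
    return findings


def recovery_order(rows: List[BiaRow]) -> List[str]:
    """Process names in recovery order: shortest MTPD first, then shortest RTO.

    Rows with a missing MTPD or RTO cannot be placed and are listed last so the
    gap stays visible rather than being silently sorted as zero.
    """
    def sort_key(r: BiaRow):
        missing = r.mtpd is None or r.rto is None
        mtpd = r.mtpd if r.mtpd is not None else float("inf")
        rto = r.rto if r.rto is not None else float("inf")
        return (missing, mtpd, rto, r.process)
    return [r.process for r in sorted(rows, key=sort_key)]


def review(text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Findings per process plus the derived recovery order for a worksheet."""
    rows = parse_worksheet(text)
    return {r.process: check_row(r) for r in rows}, recovery_order(rows)


if __name__ == "__main__":
    findings, order = review(SAMPLE_WORKSHEET)
    for process, issues in findings.items():
        print(f"{process}: {'; '.join(issues) if issues else 'OK'}")
    print("Recovery order:", " > ".join(order))
```

In the constructed sample, "Trade settlement" is the case worth noticing: its RTO (12 hours) exceeds its MTPD (8 hours), so the stated recovery target cannot satisfy the business tolerance and the figure needs to go back to the business unit head before approval.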
Risk Assessment (RA)

Finding:
1. A Risk Assessment has not been conducted.

Recommendation: A Risk Assessment should be conducted for all assets and business enablers related to the identified critical processes and the business, and a risk treatment plan should be in place for them. An RA methodology should also be established for compliance purposes.

Business Continuity Strategies (Corporate, Process and Resource level)

Findings:
1. Recovery strategies have not been developed for all critical processes identified by management (listed in Doc # and Doc # for the X and Y units respectively).
2. Records of approval of the recovery strategies have not been made available.

Recommendations: Recovery strategies should be based on the RA and BIA outcomes. All recovery strategies should be approved by Executive Management, and the approval records retained in a centralised location so that they can be produced during any audit to fulfil the compliance requirement.

Business Continuity Plans (BCP)

Finding:
1. The Business Continuity Plans do not reflect the most up-to-date BIA figures, recovery strategies and critical recovery resource requirements.

Recommendation: Business Continuity Plans should be built upon the BIA and effective recovery strategies, and updated with all critical resources, including people and their contact details. The most up-to-date BC plans should be stored in a centralised location that is easily accessible to the Business Continuity Core Team of XYZ.

Crisis Management Plan

Finding:
1. A crisis communication plan has not been developed as part of the Business Continuity Management Program.

Recommendation: A proper crisis communication plan should be developed and incorporated in the Business Continuity Framework document.

Business Continuity Training and Awareness

Finding:
1. Records of Business Continuity Management program training for employees, BC team members and evacuation teams are not available for XYZ staff.

Recommendation: Records pertaining to BCM program training (training presentations, feedback, training material, training calendar, fire drill timings, etc.) should be made available to all staff members via a centralised location, or by some other means that is easily accessible to all employees and auditors.

Business Continuity Testing

Finding:
1. Exercising and testing does not include full testing of the BCM organisation and infrastructure (including physical/facilities, IT and telecommunications).

Recommendation: A proper testing calendar, with scope and success criteria, should be developed to fully test the BCP and Disaster Recovery (DR) plans.

Business Continuity Monitoring

Findings:
1. Management review is not established as part of the BCM Program documentation.
2. Preventive and corrective actions are not part of the BCM Program documentation.
3. Continual improvement is not part of the BCM Program documentation.
4. Control of BCM Program records is not established as part of the BCM Program policy.
5. Control of BCM Program documentation is not established as part of the BCM Program policy.

Recommendations: Management review should take place as part of the BCM Program, and the BCM policy and framework should be updated with the management review process. Once the BCM Program is implemented as per the ISO 27001/22301 standards, any changes arising from the implementation of preventive or corrective controls should be documented, and a documented policy should exist for this. Continual improvement should exist as part of the BCM Program documentation and a policy needs to be established for it; BC effectiveness and measurement metrics can be further established to ensure that the BCM Program undergoes improvement on a continuous basis. Control of BCM Program records should be established. Control of BCM Program documentation should be established as part of the BCM Program policy to ensure that documents are:
- reviewed, updated and approved
- maintained with their version status
- distributed only to the required personnel
- prevented from unintended use once obsolete

Business Continuity Audit

Finding:
1. The Business Continuity Management (BCM) audit program, policy, scope and procedures are not defined.

Recommendation: BCM audit programs, policies, scope and procedures should be defined in order to ensure that XYZ carries out internal and external certification audits of its BCM Program on a periodic basis.
CSC Australia Pty Limited
Global Security Solutions (GSS)
26 Talavera Road, Macquarie Park, NSW 2113, Australia
+61(0)

About CSC
Computer Sciences Corporation (CSC) is a global leader of next generation information technology (IT) services and solutions. The Company's mission is to enable superior returns on our clients' technology investments through best-in-class industry solutions, domain expertise and global scale. Globally, CSC has approximately 72,000 employees with a presence in over 70 countries. In Australia, CSC has offices in most capital cities and has over 2,500 employees. Australian clients number over 350 and include multi-million dollar corporations across the banking, insurance and health sectors, and key state and federal government departments. For more information, visit the company's website at
POWER AND WATER CORPORATION POLICY MANAGEMENT OF EXTERNAL SERVICE PROVIDERS Prepared by: Approved by: Chief Procurement Officer John Baskerville Chief Executive File number: D2015/65737 June 2015 MANAGEMENT
More informationMETHODOLOGY AND CRITERIA FOR THE CYBERSECURITY REPORTS
METHODOLOGY AND CRITERIA FOR THE CYBERSECURITY REPORTS The cybersecurity maturity has been assessed against 25 criteria across five themes. Each of the criteria are given a Yes, No, Partial, or Not Applicable
More informationTelecommunications Equipment Certification Scheme FEBRUARY 2017
Telecommunications Equipment Certification Scheme FEBRUARY 2017 Canberra Red Building Benjamin Offices Chan Street Belconnen ACT PO Box 78 Belconnen ACT 2616 T +61 2 6219 5555 F +61 2 6219 5353 Melbourne
More informationPolicy. Business Resilience MB2010.P.119
MB.P.119 Business Resilience Policy This policy been prepared by the Bi-Cameral Business Risk and Resilience Group and endorsed by the Management Boards of both Houses. It is effective from December to
More informationNHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy
NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification
More informationLeveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009
Leveraging ITIL to improve Business Continuity and Availability Samuel Lo MBA, MSc, CDCP, PMP, CISSP, CISA Data Centre Services Manager COL Limited Strictly Business itsmf Conference 2009 25 February 2009
More informationJohn Snare Chair Standards Australia Committee IT/12/4
John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC
More informationAPPROVAL SHEET PROCEDURE INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION. PT. TÜV NORD Indonesia PS - TNI 001 Rev.05
APPROVAL SHEET PROCEDURE INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION PT. TÜV NORD Indonesia PS - TNI 001 Rev.05 Created : 20-06-2016 Checked: 20-06-2016 Approved : 20-06-2016 Indah Lestari Karlina
More informationAppendix 3 Disaster Recovery Plan
Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationEA-ISP Business Continuity Management and Planning Policy
Technology & Information Services EA-ISP-002 - Business Continuity Management and Planning Policy Owner: Adrian Hollister Author: Paul Ferrier Date: 06/03/2017 Document Security Level: PUBLIC Document
More informationGK SOLUTIONS PTY LTD COMPANY PROFILE
GK SOLUTIONS PTY LTD COMPANY PROFILE Company Profile Registered Business Name GK Solutions Pty Ltd ABN 23 770 995 016 Registered Business Address 18 Teak Street, Caulfield South, Victoria 3162 (PO Box
More informationFIJIAN ELECTIONS OFFICE SYSTEM CONSULTANCY AUDIT. Expression of Interest (EOI) (04/2017)
FIJIAN ELECTIONS OFFICE SYSTEM CONSULTANCY AUDIT Expression of Interest (EOI) (04/2017) Closing Date: 4pm Friday 4 August 2017 EXPRESSION OF INTEREST [EOI] SYSTEM CONSULTANCY AUDIT OF FEO s ELECTION MANAGEMENT
More informationDisaster recovery strategic planning: How achievable will it be?
April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Disaster recovery strategic planning: How achievable will it be? Prudence Marasigan Ernst & Young Advisory Services, Senior Manager prudence.marasigan@ey.com
More informationMHA Consulting BCM Metrics Resiliency Through Measurement
0 MHA Consulting BCM Metrics Resiliency Through Measurement Presented by: Michael Herrera, CBCP March, 2013 2009 2013 MHA MHA Consulting All All Rights Rights Reserved. Reserved. Agenda 1 Overview A Menu
More informationCorporate Information Security Policy
Overview Sets out the high-level controls that the BBC will put in place to protect BBC staff, audiences and information. Audience Anyone who has access to BBC Information Systems however they are employed
More informationBusiness Continuity Planning
Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and
More informationWhitepaper. Contents. Foreword. Introduction. Business ContinuITy
Whitepaper Contents Business ContinuITy 1 Foreword 1 Introduction 1 What is Business Continuity Management? 2 Components of IT Business Continuity Management 2 Role of Vendors in BCM 5 Bringing BCM to
More informationGatekeeper Public Key Infrastructure Framework. Information Security Registered Assessors Program Guide
Gatekeeper Public Key Infrastructure Framework Information Security Registered Assessors Program Guide V 2.1 December 2015 Digital Transformation Office Commonwealth of Australia 2015 This work is copyright.
More informationUKAS accredited Certification Bodies
Transfer of ISO 9001 Certification between UKAS accredited Certification Bodies CIBSE Certification as a Certification Body The Significance of UKAS Accreditation The Transfer Route CIBSE Certification
More informationHow to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationHow ISO helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016
How ISO 22301 helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016 Copyright SP PowerGrid Ltd Threat Threat 1 Threat 2 Organisation Threat 3 2 Threat - Terrorist actions ST 19Mar16
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationENISA s Position on the NIS Directive
ENISA s Position on the NIS Directive 1 Introduction This note briefly summarises ENISA s position on the NIS Directive. It provides the background to the Directive, explains its significance, provides
More informationBusiness Continuity Policy
Business Continuity Policy Version Number: 3.6 Page 1 of 14 Business Continuity Policy First published: 07-01-2014 Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/2014
More informationBCS Specialist Certificate in Change Management Syllabus
BCS Specialist Certificate in Change Management Syllabus Version 2.0 April 2017 This qualification is not regulated by the following United Kingdom Regulators - Ofqual, Qualification in Wales, CCEA or
More informationApex Information Security Policy
Apex Information Security Policy Table of Contents Sr.No Contents Page No 1. Objective 4 2. Policy 4 3. Scope 4 4. Approval Authority 5 5. Purpose 5 6. General Guidelines 7 7. Sub policies exist for 8
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationIECEx Guide Guidance for Applications from Service Facilities seeking IECEx Certification
IECEx Guide Guidance for Applications from Service Facilities seeking IECEx Certification INTERNATIONAL ELECTROTECHNICAL COMMISSION SCHEME FOR CERTIFICATION TO STANDARDS RELATING TO EQUIPMENT FOR USE IN
More informationSession 5: Business Continuity, with Business Impact Analysis
Session 5: Business Continuity, with Business Impact Analysis By: Tuncay Efendioglu, Acting Director Internal Oversight Division, WIPO Pierre-François Gadpaille, Audit Specialist (Information Systems),
More informationGlobal Wind Organisation CRITERIA FOR THE CERTIFICATION BODY
Global Wind Organisation CRITERIA FOR THE CERTIFICATION BODY December 2015 (Version 3) 1 Contents 1. Introduction... 5 2. Criteria for approval of a Certification Body... 5 3. Selection of audit team members
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationFiscal 2015 Activities Review and Plan for Fiscal 2016
Fiscal 2015 Activities Review and 1. The Ricoh Group s Information Security Activities In response to changes emerging in the social environment, the Ricoh Group is promoting its PDCA management system
More informationRisk Management. Continuity Management
Risk Management vs Continuity Management Marie Hélène Primeau, CA, MBCI President Premier Continuum DRJ Fall World September 12, 2011 Marie-Hélène Primeau, CA, MBCI Chartered Accountant and Member of the
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More information