Risk Management. Continuity Management

Transcription:

Risk Management vs Continuity Management
Marie-Hélène Primeau, CA, MBCI
President, Premier Continuum
DRJ Fall World, September 12, 2011

Marie-Hélène Primeau, CA, MBCI
- Chartered Accountant and Member of the Business Continuity Institute
- In Business Continuity for more than 8 years
- Consulting with medium and large organizations to develop and maintain Business Continuity Management Programs in various industries such as Manufacturing, Distribution and Logistics, Government, Financial Services
- Teaching
  - Lecturer, post graduate degree at the University of Montreal (Business Continuity and Resilience)
  - Developer and instructor of the BCI 2 Day Overview of the BCM Lifecycle
  - Instructor for the Business Continuity Institute 5 day Course
  - Has taught BCI Good Practice Guidelines in North America, Europe and online
  - Instructor for a 2-Day workshop on Exercising your Plans

Risk Management vs Continuity Management: Definitions
- Risk (ISO 31000): Effect of uncertainty on objectives
- Business Continuity (BCI GPG 2010): Strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level

Examples of Past Incidents
- Japan 2011: Earthquake > Tsunami > Nuclear Crisis
- BP Oil Spill 2010
- World Economic Forum Global Risk Report 2011

Organizational Context
[Diagram: your organization at the centre, surrounded by Competition, Other Stakeholders, Suppliers & Business Partners, Environment, Logistic & Transportation, Shareholders, Legislations & Regulations, Reputation, Customers]

Risk Management Process (ISO 31000)
[Diagram: Principles / Framework]

Risk Assessment
- Any types of risk, including risk to continuity
[Chart: Impact vs Likelihood, annotated "BCM typically here"]

Risk Management Process (ISO 31000)
[Diagram: Principles / Framework]

Risk Treatment Options

Risk Management Process and BCM Lifecycle
[Diagrams: Risk Management Process, Principles / Framework (Source: ISO 31000); BCM Lifecycle (Source: BS25999-1 / Business Continuity Institute Good Practice Guidelines)]

Risk Management vs Business Continuity Management (BCM)

Risk Management (ISO 31000)
- Risk Management Framework
- Establishing the context
- Risk Assessment
  - BIA is one of the tools
- Risk Treatment
- Communication and consultation
- Monitoring and Review

BCM (BS25999-1)
- Policy and Programme Management
  - Scope Determination (Policy)
- Understanding the Organization
  - Business Impact Analysis (BIA)
  - Risk Assessment focused on organisation's most urgent activities
- BCM Strategies
- Development & Implementing BCM response
- Embedding BCM in the Culture
- Exercising, Maintaining and Reviewing

Business Impact Analysis (BIA): Purpose
For each activity, product or service:
- Document the impacts over time from its loss or disruption
- Identify the Maximum Tolerable Period of Disruption (MTPD) and thus the priorities for recovery
- Identify the dependencies (both internal and external) that are required to enable the activity to operate effectively

Business Impact Analysis
Source: The Business Continuity Institute 5 day Course

Evaluating Threats through Risk Assessment (within the BCM context)
- BIA should be conducted in advance
- Focus on most urgent activities
- Estimates likelihood and impact of threats
- Helps in identifying potential causes of interruption
  - Such as unacceptable concentration of risks (single points of failure)
- Can identify measures to reduce likelihood or impact of disruptions
- Can benefit from existing risk management and inform

Evaluate Risks to Most Urgent Activities
- Loss of key personnel / significant number of employees
- Loss of Information technology systems (equipment and/or applications)
- Loss of telephone systems
- Loss of main premises
- Loss of vital resources / records
- Loss of key equipment
- Loss of services / utilities (water, electricity, etc.)
- Loss of a major supplier or business partner (subcontractor)

Risk Reduction and Mitigation
- Prevention
- Protection
- Detection
- Suppression

BCM in Context
[Diagram: Emergency Planning, Incident Management, BCM, Crisis Com., Risk Management, ICT Disaster Recovery]

Where should BCM report within the organization?
Source: Engaging & Sustaining the Interest of the Board in BCM Survey, The Business Continuity Institute 2011

In Conclusion: Key Success Factors
- Obtain top management commitment and sponsorship
- Build on existing programs
- Seek appropriate internal and external support and resources

"Chance favors only the prepared mind." Louis Pasteur

Marie-Hélène Primeau, CA, MBCI
President, Premier Continuum Inc.
mhprimeau@premiercontinuum.com
514-761-6222 ext. 1003
www.premiercontinuum.com