International Trends in Business Continuity & Emergency Response Presented by Director of Global Operations Chloe Demrovsky of DRI International For Continuity Insights November 13, 2012
DRI International A Global Non-Profit Organization founded in 1988 The Industry's Premier Education & Certification Program Body Committed to: - Promoting a base of common knowledge for the continuity management industry - Certifying qualified individuals in the discipline of Business Continuity - Promoting the credibility and professionalism of certified individuals
DRI International Truly International DRI has Certified INDIVIDUALS in over 100 Countries DRI conducts training courses in over 45 countries Since 2009, DRI taught more students outside the US than within the US More individuals are certified by DRI International than all other organizations in our industry combined (Over 9,600 active individuals as of October 2011) Since 1988, more than 25,000 individuals have held a DRI certification DRI Certifies individuals in English, Spanish, French, Italian, Japanese, Mandarin and Russian DRI International teaches in English, French, Spanish, Portuguese, Mandarin, Japanese, Italian and Russian
DRI International Truly International Europe: Presented at the Interparliamentary Center for Parliamentary Studies (Belgium) and IV BSI Conferencia de BS25999 (Spain) UAE: Member of Standards Committee Advisory Team APEC: Only Business Continuity Certification Recognized by the Asian Pacific Economic Cooperation DRI Canada is a member of the Technical Committee for the CSA Z1600 Standard for Emergency Management & Business Continuity Japan: Signatory to Japanese Joint Aid Agreement DRI International Standard cited by Financial Industry Regulatory Agency (FINRA) & NFPA1600 Malaysia: Annual DRI conference in collaboration with the Ministry of Science, Technology and Innovation's Cyber Security Malaysia to promote BCM Singapore: Official BCM education partner for the government-sponsored Singapore Business Federation
Government Organization Collaboration United States Chaired the Alfred P. Sloan Committee that drafted the Framework for Preparedness that has been the foundation for the Title IX Implementation Meeting with Special Assistant to The President for Homeland Security Standards Policy Member of: U.S. Chamber of Commerce Homeland Security Task Force Council of Experts for ANSI-ANAB who will set the credentialing standard for certifying bodies for PS-Prep FEMA National Advisory Council Private Sector Subcommittee Advisory Committee for Congressionally funded Project for National Security Reform National Preparedness Month Coalition
DRI International Non-Governmental Organization Collaboration Non-Government Collaboration Other Partnerships Member of the NFPA 1600 Technical Committee Member of the BS25999 ASIS Technical Committee Participant RIMS (Risk Insurance Managers Society) PERK (Professional Exchange of Risk Knowledge) Program Cooperative Education Credit Sharing with ISACA (Information Systems Audit and Control Association) Cooperative Education Credit Sharing with IC2 ASFHS Education and Sponsorship CPE Sponsorship ACP Sponsorship CPM Joint Sponsorship Safe America Habitat for Humanity Second Harvest The Mahila Partnership Audit Course Development and Training for Auditors with NFPA (National Fire Prevention Association)
BCM Programs led by DRI Certified Professionals Deloitte & Touche Booz Allen PricewaterhouseCoopers Ernst & Young KPMG Marsh Accenture Navigant Computer Sciences Corporation IBM Johnson Consulting Jefferson Wells EDS Protiviti SAIC Perot EDS SunGard AIG Morgan Stanley American Express AG Edwards Citigroup Wells Fargo Bank of America Wachovia Washington Mutual JPMorgan Chase Nationwide Fidelity Vanguard Merrill Lynch Franklin Templeton VISA NY Life Pfizer Goodyear Genentech Georgia Pacific Nokia Hitachi Verizon Schering-Plough Fujitsu AT&T BP Sprint Chevron Texaco Ericsson Raytheon Siemens Starbucks Coffee Company Nestle Toyota Target Corning ConocoPhillips Starwood Hotels & Resorts American Airlines Pitney Bowes Northrop Grumman General Dynamics Unilever Coca-Cola Caterpillar Inc. Pepsi-Cola Anheuser Busch Inc. Monsanto Sun Microsystems NC State Ace Hardware Corporation Blockbuster Inc. The University of Texas Penn State Columbia Yale Northwestern University of Illinois University of Miami Vanderbilt DePaul University of Oklahoma Carnegie Mellon LSU Michigan State Drexel University George Washington University University of Connecticut NC State University of South Carolina Ohio State US Senate State of Oklahoma City Of Austin Texas NYC Housing Authority US Army Department Of Energy Oregon State Treasury State Of California Dept. of the Air Force City of Philadelphia Federal Reserve State Of Ohio US Navy FBI IRS Department of Veterans Affairs Port Authority of NY & NJ State of Minnesota U.S. Nuclear Regulatory Commission U.S. Treasury
DRI International Outreach International Publication International Glossary Create with International Committee of Volunteers Publish in multiple languages New for 2012 Invite National Standards Committees to contribute Conferences Charitable Giving
Reasons for Business Continuity
Impressions from Hurricane Sandy Evacuation Response Risk Resistance Hurricane Irene The tolerance that individuals and groups have developed over time for specific risks influences the way they assess and respond to them. Living with a risk leads individuals and communities to take it for granted and discount it, whereas unfamiliar risks are viewed with far greater concern Learning from Catastrophes, Howard Kunreuther Social Media Activity Fastest news source Scares Applications Volunteer organization
Reasons for Business Continuity Business continuity director: The Sept. 11 attacks, major natural disasters, the SARS outbreak, and the threat of a pandemic have made more companies take seriously the need for "preparedness planning." Continuity planner In the wake of 9/11, Hurricane Katrina, the 2004 Asian Tsunami, and the 2007 California wildfires, creating a business backup plan has become more crucial than ever. Continuity planners -- individuals trained to help prevent and manage emergency disaster situations -- are increasingly in demand across both government offices and private companies. "Companies learned a hard lesson after 9/11, that they have to plan for disasters not only in their own locality," says Dr. Matthew Liotine, director of the emergency management and continuity planning certificate program at the University of Illinois-Chicago. Professionals trained in the field can find positions within both large and midsize companies as well as in government agencies, the Department of Homeland Security being one of the largest employers of continuity planners. Along with a bigger job market for continuity planners is also a bigger paycheck, says Liotine. According to a survey conducted by BC Management, a California-based firm that specializes in recruiting and placing continuity and disaster relief personnel, certified business continuity planners earn an average compensation package (including benefits and bonuses) of over $100,000 per year.
2011 The Worst of Years
2011 A Year of Proving Our Mettle DRI International Had A Record Year for Certification Overall Growth of 34% vs. 2010 Domestic Growth of 20% vs. 2010 International Growth of 74% vs. 2010 2012 Certification is Up vs. 2011
Reasons for Business Continuity External Drivers Impacts Pressure from audit committees Pressure from financial institutions Pandemic concern New threats & risks since 9/11 Demands from customers Increased regulatory and self-regulated requirements Loss of customers or inability to attract new customers Loss of revenue Decrease in stock value Increase of insurance premiums Loss of assets and employees Regulatory sanctions
Business Continuity and Risk Management Cause vs. Effect Risk Management Identifies Threats (Facility, Environmental, Climatic, Geopolitical, Personnel, Business, Technology, etc) Recommends Mitigation Probability Cost of Mitigation BCM What are the Implications of failing to mitigate or prevent Preparation Structure, planning, resources, testing Execution Relocation, operating under duress
Combining Disciplines Under the banner of Business Continuity Management Business Continuity (Relocation) Disaster Recovery (IT Recovery and Continuity) Integrated Solution Emergency Response Crisis Management
Customer-Involved
What drives business continuity? 1 Unique competitive advantage
The Regulatory Landscape
Pre-9/11 Post-9/11 Consumer Credit Protection Act OMB Circular A-130 FEMA Guidance Document Paperwork Reduction Act ISO 27002 (Previously ISO17799) FFIEC BCP Handbook Computer Security Act 12 CFR Part 18 Presidential Decision Directive 67 FDA Guidance on Computerized Systems used in Clinical Trials ANSI/NFPA Standard 1600 Turnbull Report (UK) ANAO Best Practice Guide (Australia) SEC Rule 17 a-4 FEMA FPC 65 CAR JHACO Sarbanes-Oxley Safety Act of 2002 HIPAA, Final Security Rule FFIEC BCP Handbook -2003/ 2008 Fair Credit Reporting Act NASD Rule 3510 NERC Security Guidelines FERC Security Standards NAIC Standard on BCP NIST Contingency Planning Guide FRB-OCC-SEC Guidelines for Strengthening the Resilience of US Financial System NYSE Rule 446 California SB 1386 Australia Standards BCM Handbook GAO Potential Terrorist Attacks Guideline Federal and Legislative BC Requirements for IRS Basel Capital Accord MAS Proposed BCP Guidelines (Singapore) NFA Compliance Rule 2-38 FSA Handbook (UK) BCI Standard, PAS 56 (UK) Civil Contingencies Bill (UK) FCD-1/2 NYS Circular Letter 7 ASIS State of NY FIRM White Paper on CP NISCC Good Practices (Telecomm) Australian Prudential Standard on BCM Bank Act and the Trust and Loan Companies Act - Canada HB221, HB292 BS25999 SS507 SS540 TR19 CA Z1600 ISO/PAS 22399 HiTech Act of 2009 NZ 5050 ISO22301 FINRA 4370 SEC - Compliance Programs Dodd-Frank Wall Street Reform Act NFPA:2010-2013 DRI's 10 Professional Practices Title IX 110-53 1991-2001 2002-Present
The DRI Standard The Ten Professional Practices for Business Continuity Professionals Project Initiation and Management Risk Evaluation and Control Business Impact Analysis Developing Business Continuity Strategies Emergency Response and Operations Developing and Implementing Business Continuity Plans Awareness and Training Programs Maintaining and Exercising Plans Crisis Communications Coordination with External Agencies DRI International is an ANSI-Accredited Standards Development Organization Download the full text for free on our website: www.drii.org
Property of DRI International
Critical Infocomm Technology Resource Programme (CITREP), a program of the Infocomm Development Authority, creates $30 million grant Objective: accelerate the development of emerging, critical and specialized ICT skills to meet Singapore's IT manpower needs. can apply for CITREP Expanded funding support for endorsed courses and certifications.
ISO 22301 Percentage of respondents to our survey who state that they are considering conforming to ISO 22301
Public/Private Collaboration
Convergence Why is public/private convergence important? In the US, 85% of all government resources are provided by the private sector Richard Reed Special Assistant to the President for Homeland Security Policy Effective response requires a coordinated effort We must adapt an end-to-end resource model
Roles During Business Recovery Recovery - Relocation Public Sector Provide Secured Access to Affected Areas Provide Traffic Control Control Volunteer & Goods Contributions Private & Public Sectors Update Access Control Maintain Communications Status Communicate Command & Control Issues Transition to Private Sector Control Private Sector Initiate Recovery Activities Interface to Vendors & Suppliers Control Staff Usage Communications Restore Operations Notify Insurance Company
Convergence Toward More Integrated Public Private Sector Response Communications Reverse 911 (voice and/or text) Subscription Local Government Notification of Incidents Weather Alerts Accident Alerts Testing Activities Web Sites Social Media Government Advisories Government Preparedness Bulletins Government Training Resources
Government Outreach - US
Government Outreach - UK
Government Outreach - China
Government Outreach - UAE
Public/Private Partnership Activities Toward More Integrated Public Private Sector Response: Drills Natural Disasters Earthquakes Floods Hurricane Sand Storms Industrial Toxic Leaks Oil Explosion
Public Private Sector Drills - Canada: Earthquake
Public Private Sector Drills - US: Earthquake
Public Private Sector Drills - Japan: Earthquake
Public Private Sector Drills - Singapore/Indonesia: Flood
Public Private Sector Drills - US: Hurricane
Public Private Sector Drills - India: Industrial
Private Sector Initiatives Government Observing Private Sector: Craig Fugate says he realized the need to work with businesses when he oversaw emergency management in Florida. After hurricanes he watched retailers bring in generators and resume business faster than his own teams could provide substantial help to many residents. "We couldn't get where we needed to go," Fugate says. "The private sector was better at it than we were."
Forums Public / Private Sector Forums: Create Open Dialogue Exchange Ideas Understand Each Other's Point of View Ultimate Goal: Better Preparedness Better Response
Thank you and For more information visit: http://driconference.org/ Or email: cdemrovsky@drii.org