Enterprise resilience and the role of Standards

Similar documents
Making trust evident Reporting on controls at Service Organizations

Governing cyber security risk: It s time to take it seriously Seven principles for Boards and Investors

Public vs private cloud for regulated entities

50% 45% 40% 25% 20% 15%

Cyber Threat Landscape April 2013

Moving from Prevention to Detection March 2017

Global Statement of Business Continuity

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

Driving Global Resilience

Building a BC/DR Control Library and Regulatory Response Program

Big data privacy in Australia

ISO 22301: An Overview of BCM Implementation Process. Presenter: Dejan Kosutic

Submission to the International Integrated Reporting Council regarding the Consultation Draft of the International Integrated Reporting Framework

Cyber Crime Seminar 8 December 2015

Canada Life Cyber Security Statement 2018

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

The Cyber Savvy CEO Getting to grips with today s growing cyber-threats

What Does the Future Look Like for Business Continuity Professionals?

,000+ What is the BCI Corporate Partnership? What are the benefits of becoming a Corporate Partner? Levels of Partnership

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Disaster recovery strategic planning: How achievable will it be?

Cyber Risks in the Boardroom Conference

2018 Summary Report into the cyber security preparedness of the National and WA Wholesale Electricity Markets. AEMO report to market participants

Business Continuity and Disaster Recovery

When Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS.

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification

Using International Standards to Implement a Business Continuity Management System (BCMS)

Cybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference

Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology

Risk Management. Continuity Management

PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology

POSITION DESCRIPTION

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Building resilience. Delivering assurance.

Cyber Security Law --- Are you ready?

Session 5: Business Continuity, with Business Impact Analysis

Why you should adopt the NIST Cybersecurity Framework

Cybersecurity Protecting your crown jewels

Business Continuity Policy

Policy Title; Business Continuity Management Policy. Date Published/Reviewed; February 2018

Practitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

Business Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018

PIPELINE SECURITY An Overview of TSA Programs

Business Continuity Planning

Turning Risk into Advantage

Information Security Strategy

HENRY EE, FBCI, CBCP

Enterprise GRC Implementation

Nine Steps to Smart Security for Small Businesses

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)

Qualification Specification

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium

B13: The Case for Integration Converting the BCM Silo into an Enterprise Risk Foundation

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

GDPR: A QUICK OVERVIEW

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM

POSITION DESCRIPTION

ISO 22301: An Overview of BCM Implementation Process. Presenter: Dejan Kosutic

BUSINESS CONTINUITY MANAGEMENT. A short guide 2017

Position Description IT Auditor

Introduction to ISO/IEC 27001:2005

BISHOP GROSSETESTE UNIVERSITY. Document Administration. This policy applies to staff, students, and relevant data subjects

Cyber Security Incident Response Fighting Fire with Fire

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

THE LINK BETWEEN ENTERPRISE RISK MANAGEMENT AND DISASTER MANAGEMENT

How Secure is Blockchain? June 6 th, 2017

Introduction. When it comes to GDPR compliance, is OK for now enough? Minds made for protecting financial services

California ISO Audit Results for 2011 SSAE 16 & Looking Forward for 2012 December 15, 2011

CYBER INSURANCE: MANAGING THE RISK

STRATEGIC PLAN. USF Emergency Management

ISACA Cincinnati Chapter March Meeting

Demonstrating data privacy for GDPR and beyond

Qualification Specification

CCISO Blueprint v1. EC-Council

The UNISDR Private Sector Alliance for Disaster Resilient Societies

Within our recommendations for editorial changes, additions are noted in bold underline and deletions in strike-through.

BCM s Role in Effective Risk Management: A Risk Manager s Point of View

DATA PROCESSING TERMS

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

IBM Resilient Incident Response Platform On Cloud

SECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives

Criteria for selecting methods in user-centred design

Cyber risk Getting the boardroom focus right

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

ROLE DESCRIPTION IT SPECIALIST

DATA PROTECTION AND PRIVACY POLICY

You ve Been Hacked Now What? Incident Response Tabletop Exercise

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

The Metropolitan Police Service Approach to Corporate Resiliency

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Important Information

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance

TAN Jenny Partner PwC Singapore

Prizetech Privacy Policy

Cyber Security Program

Prepare your Emergency respons, continuity plan, recovery plan

Prohire Software Systems Limited ("Prohire")

Infocomm Professional Development Forum 2011

Transcription:

www.pwc.co.uk Enterprise resilience and the role of Standards

Why do we have Standards? Globalisation Consistency Quality Supply chain and outsourcing Marketing value Slide 2

Stakeholder value Ultimately, a failure to plan hurts the bottom line Companies with a positive approach to crisis management and recovery Management skills and response Stakeholder communication Time(250 days) Insurance alone is inadequate Plans need to be implemented Other companies Recoverers Non-recoverers Slide 3

The majority of Standards in resilience are focussed on processes and functions Who can provide resilience assurance? Business continuity ISO 31000 Risk management, Principles and guidelines ISO 31010 Risk assessment techniques Crisis and incident management Risk management Physical security Information security ISO 22313 Business continuity guidance ISO 24762 Guidelines for information and communications technology DR services ISO 22398 Guidelines for exercises ISO 22301 Business continuity requirements ISO 27035 Information security incident management Slide 4

The majority of Standards in resilience are focussed on processes and functions Resilience indicators include: Shared values Situational awareness Social capital Research and development Staff (commitment, engagement, behaviours, capabilities and capacity) Innovation and creativity Networks and dependencies Exercised/stress-tested strategies (including financial, commercial, technological) Slide 5

Case Study: BCM journey (ISO 22301/BS 25999) BCI Good practice PAS 56 SEMD, Licencing, COMAH Emergency Preparedness and CCA Ways of working Tools e.g. Benchmarking ISO 22301 nee BS 25999 SPF Regulations and statutory obligations Resilience Forums Solicitors Code Standards Wider best practice ISO 24762 BS 65000 Industry Forums Responding to industry needs Close collaboration between industry, regulators and Government Timing of SPF & CCA development coincided with BS 25999 writing Allowed cross-fertilisation between regulatory and Standards development processes Allowed further areas for development to be taken back into the Standards process Consensus Slide 6

Impact of Standards in resilience Agreed Standards allow consistency in approaches to resilience Involving a wide group of interested parties helps to maintain the relevance of Standards Flexibility and evolution of thinking room to grow Slide 7

Enterprise resilience and the role of Standards This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. 2013 PricewaterhouseCoopers LLP. All rights reserved. In this document, "" refers to the UK member firm, and may sometimes refer to the network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. 131113-120000-JC-OS

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback