Introduction to Business Continuity Management

Similar documents
Laws Influence Business Continuity and Disaster Recovery Planning Among Industries

Table of Contents. Sample

Continuity of Operations During Disasters: Electronic Systems and Medical Records

TSC Business Continuity & Disaster Recovery Session

Deciphering Overlapping Standards and Requirements, Using the BCP Genome

Business Continuity Policy

Business continuity management and cyber resiliency

INTELLIGENCE DRIVEN GRC FOR SECURITY

Introduction to Business continuity Planning

Are Traditional Disaster Recovery Plans Still Relevant? Bobby Williams, MBCP, MBCI Director, IT Resiliency Planning Fidelity Investments

CCISO Blueprint v1. EC-Council

BCM s Role in Effective Risk Management: A Risk Manager s Point of View

Business Continuity Management

Business Continuity Planning

Global Statement of Business Continuity

Addressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting

Business Continuity: How to Keep City Departments in Business after a Disaster

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

Business Continuity Risk Management IT Service Continuity

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Principles for BCM requirements for the Dutch financial sector and its providers.

Implementing a Global Business

Business Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018

Build a viable plan for disaster recovery and crisis management.

Building a BC/DR Control Library and Regulatory Response Program

Using International Standards to Implement a Business Continuity Management System (BCMS)

Driving Global Resilience

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING

PECB Change Log Form

REPORT 2015/149 INTERNAL AUDIT DIVISION

POWERING NETWORK RESILIENCY WITH UPS LIFECYCLE MANAGEMENT

Security Guideline for the Electricity Sector: Business Processes and Operations Continuity

Appendix 3 Disaster Recovery Plan

Frontiers of Risk. Don t Be Afraid: Business Continuity Plan Development Only Hurts A Little!

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

How to Conduct a Business Impact Analysis and Risk Assessment

Business Continuity Management Standards A Side-by-Side Comparison

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

Why you should adopt the NIST Cybersecurity Framework

BC vs. DR vs. HA vs. EM vs. RM vs. CM: is the difference only terminology?

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Certified Information Systems Auditor (CISA)

Global Security Consulting Services, compliancy and risk asessment services

EPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS

BUSINESS CONTINUITY MANAGEMENT (BCM) INITIATIVES OF THE BANGKO SENTRAL NG PILIPINAS

How to get the Enterprise to Understand the Value of Security

Business Continuity Management Program Overview

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

Defining the Challenges and Solutions. Resiliency Model. A Holistic Approach to Risk Management. Discussion Outline

Florida State University

Disaster Recovery and Business Continuity Planning (Mile2)

Business Continuity - An Inside Perspective

MHA Consulting BCM Metrics Resiliency Through Measurement

Building the Business Case for Emergency Notification

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Data Recovery Policy

Cybersecurity and Hospitals: A Board Perspective

Risk Management. Continuity Management

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

Enterprise GRC Implementation

The NIST Cybersecurity Framework

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

How to Derive Value from Business Continuity Planning

Symantec Data Center Migration Service

BCM Program Development

Symantec Business Continuity Solutions for Operational Risk Management

Business Resiliency Tomorrow is not the time to find out that I can t continue critical business functions

FEMA Update. Tim Greten Technological Hazards Division Deputy Director. NREP April 2017

STRATEGIC PLAN. USF Emergency Management

Mid-Market Data Center Purchasing Drivers, Priorities and Barriers

THE POWER OF TECH-SAVVY BOARDS:

Cybersecurity in Higher Ed

Business Continuity & Disaster Recovery

Disaster Recovery Webinar August 11, 2015

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Meeting the Challenges of Enhancing Power Sector Resilience

Facilities Management and Business Continuity. 10 May 2017

Infocomm Professional Development Forum 2011

Best-in-Class Crisis Preparation: Maximize Readiness with the Four T s. Business Continuity Readiness Overview

Information Security Risk Strategies. By

MassMutual Business Continuity Disclosure Statement

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

How ISO helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016

Verso ilnuovostandard ISO (BS25999) sullabusiness Continuity Scenari e opportunità

THE LINK BETWEEN ENTERPRISE RISK MANAGEMENT AND DISASTER MANAGEMENT

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

A Practical Guide to Avoiding Disasters in Mission-Critical Facilities. What is a Disaster? Associated Business Issues.

112 th Annual Conference May 6-9, 2018 St. Louis, Missouri

Isaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.

Framework for Improving Critical Infrastructure Cybersecurity

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

MultiPlan Selects CyrusOne for Exceptional Colocation and Flexible Solutions

Headline Verdana Bold

Transcription:

Introduction to Business Continuity Management Audio Presented by ABD s Occupational Health and Safety Team Featuring The Cross Connection JULY 24, 2018

Speaker Panel ABD Insurance & Financial Services Diana Blake Senior Claims Consultant ABD Insurance & Financial Services Rod Sockolov EVP & Founding Principal, P&C The Cross Connection Warren T. Cross Principal

Today s Topics Introduction of Speakers An Introduction to Business Continuity Management The Cross Connection Commitment Why Business Continuity Matters Holistic Global Resiliency What does program rollout look like The importance of doing Business Impact Analysis Discuss framework of a sound Business Continuity Plan Wrap-up

Business Continuity Management (BCM) What is BCM? BCM is a form of risk management that deals with the threat of business activities or processes being interrupted by external and/or internal factors. It involves making arrangements to ensure you can respond as effectively as possible in the event of a disruption so mission-critical functions will continue to provide an acceptable level of service. Effective business continuity can be best attained through the implementation of a business continuity management system (BCMS) aligned to its international standard, ISO 22301. 4

Disaster Recovery (DR) Planning Disaster recovery planning prioritizes fully recovering and returning to full functionality in the event of an incident, whereas BCM focuses on preserving an organization's ability to function. Having said that, there is still a clear overlap, and disaster recovery does fit within an organization's business continuity framework. Disaster recovery plans are often relatively technical and focus on the recovery of specific operations, functions, sites, services or applications. The BCP might contain or refer to a number of disaster recovery plans. ISO 27031 ICT continuity best practice ISO 27031 describes best practice for information and communications technology (ICT) continuity management within an organization's overall business continuity framework. ISO 27031 can be used in conjunction with ISO 22301, but can also be used on a standalone basis, should an organization wish to address ICT continuity management specifically. 5

Laws Influence BC and DR in Industries Healthcare Health Insurance Portability and Accountability Act (HIPAA) of 1996 Food and Drug Administration (FDA) Code of Federal Regulations (CFR) Title XX1, 1999 Government Federal Information Security Act (FISMA), 2002 Title III of the E-Government Act, 2002 Executive Order on Critical Infrastructure Protection in the Information Age, 2001 COOP and Contingency of Government (COG) Federal Preparedness, 1999 National Institute of Standards and Technology (NIST) Special Publication 800-34, 2002 NIST 800-53 Recommended Security Controls for Federal Information Systems, 2005 Finance Federal Financial Institutions Examination Council (FFIEC) Handbook, 2003 Basel II, Committee on Banking Supervision, Sound Practices for Management, 2003 6

Laws Influence BC and DR in Industries, continued Finance Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System, 2003 Expedited Funds Availability (EFA) Act, 1989 Utilities Governmental Accounting Standards Board (GASB) Statement No. 34, June 1999 North American Electric Reliability Council (NERC) 1200 (1216.1), 2003 Federal Energy Regulatory Commission (FERC) RM01-12-00 (Appendix G), 2003 RUS 7 CFR Part 1730, 2005 Telecommunications Act of 1996, Section 256, Coordination for Interconnectivity NERC Security Guidelines for the Electricity Sector, June 2001 7

The Goal 1. To not go down Build a solid foundation and put processes in place to reduce the risk of service interruption 2. Get the services back up and operational using the quickest method Fix the issue in PROD Failover to DR 3. Imbed resiliency into the DNA of your organization 8

Who needs Business Continuity? All industries 9

Our Mission

Types of Disaster

2017 Statistics Companies without a plan fail 80% of companies without a business continuity plan will go out of business within 13 months. Data Loss is inevitable 20% of all companies will suffer fire, theft, flood, storm damage, power failures, hardware or software disaster this year. Disaster threats are increasing Companies are at increasing risk of natural disasters, competitive espionage, human error, and power grid failures. Data is critical to your companies success Data loss can happen at any time and your business depends on this data. Protecting this data is key to your companies future success. Hardware failure is the leading cause of unplanned outages 45% of all unplanned downtime is attributed to hardware failures. Power outages account for 35% of unexpected downtime While this fluctuates each year, power outages and other utility losses will always pose a threat. 90% of businesses without a disaster recovery plan will fail after a disaster. 1 in 3 businesses were unprepared for disaster, despite having a plan. Unplanned downtime costs between $926 to $18k per minute These costs include lost revenue, lost productivity, recovery expenses, equipment replacement, and more. The takeaway It is not a question of if, but when. Companies need to be doing everything possible to avoid downtime and expedite recovery should disaster strike. 12

Global Resiliency Workplace/facility recovery Disaster recovery Incident response Business process recovery Emergency response Pandemic planning Crisis management planning Governance Crisis Management Business Continuity Disaster Recovery Governance, Training, Assurance Insuring compliance, setting policy, standards, procedures, metrics and reporting Event Response Response to an event, or a series of escalating events, that threatens our strategic objectives, reputation or viability People and Processes Sustain acceptable uptime, and restore business operations to the acceptable level after a disruptive event. Technology Restore or recover critical infrastructure and applications following a data center or systems failure Global Resiliency Global Resiliency Global Resiliency Global Resiliency 13

Organizations must think beyond BC and DR plans For the program to be effective we need to be: Strategic Holistic Sustainable 14

Business Continuity Management Lifecycle Improving organizational resiliency Business Continuity Management (BCM) is a holistic management process that: 1. Identifies potential threats to an organization and 2. The impacts to the business operations those threats might cause. 3. It provides a framework for building organizational resilience and effective response 4. Enables the business to stay on course whatever storms it is forced to weather At the heart of BCM good practices sits the BCM lifecycle. It shows the stages of activity that an organization moves through and repeats with the overall aim of improving organizational resilience. 15

The Business Continuity Management (BCM) Lifecycle Effective BCM Best Practices involves: Identifying critical activities; Performing a business impact analysis (BIA); Performing a risk assessment; Designing and implementing a business continuity plan (BCP); Testing and evaluating performance; and Putting a continual improvement process in place. 16

Phased Rollout of the Program Initiative starting in the next 90 days Establish BCM Program within each organization BC Business Impact Analysis (BIA) Crises Management Establish EMT/CMT processes and protocols DR Technology Discovery DR Gap Analysis DR Begin documenting DR plans for critical systems 17

The Business impact Analysis

The Business Impact Analysis A Business Impact Analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to business operations as a result of a disaster, accident or emergency. 19

Why conduct a BIA? Quantify the impact a business disruption will have on your departments ability to function over time Enable informed prioritization of department recovery in the event of a disruption Justify (or negate) the current or future time and expense invested in recovery strategies Identify critical dependencies (departments, vendors, applications, etc.) Explicit direction from Executive Leadership Team 20

The BIA in the Big Picture Identify Identify risks and gaps in the program Test, Train & Maintain Measure Analyze BIA Create BC Planning: Develop strategies and plans 21

BIA Steps: Working through the Business Continuity Manager or Assigned Point Person: Meet with all department leaders for a BIA overview Schedule individual BIA interviews with department leader and SMEs Perform analysis on results of department sessions Provide each department manager with results for their review and approval Create holistic consolidated Treasury report for review and approval by Treasury s executive management 22

Some Key Components of a Business Continuity Plan: Plan revision and control tracker Plan purpose and plan scope Recovery Teams Team Member Responsibilities Instructions for using the Business Continuity Plan Emergency Management Standards Emergency Management Procedures Business Impact Analysis (BIA) System Recovery Strategy Business Continuity Procedure 23

Some Key Deliverables of a BCMP: Business Continuity Plan (BCP) Business Recovery Procedures Business Resumption Procedures Operational Recovery Plan (ORP) Contingency Planning Procedures Crisis Management Procedures Emergency Response Procedures Emergency Operation Center Procedures Disaster Recovery Plan (DRP) Resource Requirements Disaster Recovery Process Document 24

Remember, It s a Journey As with any program, continuous improvements are needed to ensure a program is effective and is aligned with the business needs, priorities, as well as ingrained into the business culture Simple Tackle Complexity Consistent and maintainable Strategic Align to Business Strategy and Risk Holistic Business Centric view Cross functional alignment Focusing on these 3 key program principles will help drive us to the next level 25

What We Do The Cross Connection is a private minority business enterprise (MBE) offering: Business Continuity (BC) and Disaster Recovery (DR) Services Disaster Tolerance (DT) Services Program and Project Management Services (IT, regulatory compliance and government regulations; Basel II, FISMA, GLBA, HIPAA, NIST, ISO, SOX) Mergers and Acquisition (M&A) Services (conducting IT Due Diligence and Integration Implementation Strategies) Technical Account Management (TAM) Services IT Assessment Services (hardware, software, network, technology support, etc.) Operational Readiness (Enterprise Communication, Enterprise Training, and Enterprise Cultural Transformation) info@tcc-svcs.com www.thecrossconnections.com 916.730.6758 26

Let s wrap-up

Discussion Recap Business Continuity Management responds to disruptions and ensures mission-critical functions continue Companies without a plan will fail Insurance coverages and program strategies will vary based on the exposures The takeaway you can create a program to help avoid downtime and expedite recovery should disaster strike! 28

Thank You!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback