
Business Continuity Management for Risk Managers.


1 Business Continuity Management for Risk Managers

2 Business Continuity USA

3 What is BCP? BCP (Business Continuity Planning): the identification and protection of the business processes required to maintain an acceptable level of operations in the event of sudden, unexpected, or not-so-unexpected interruptions of those processes and their supporting resources.

4 Where Are We Going? A more integrated solution that brings Business Continuity, Disaster Recovery, Emergency Response, Crisis Management and Risk Management under the banner of Business Continuity Management.

5 Business Continuum
Pre-Incident Planning:
- Risk Assessment / Mitigation / Prevention: Physical; Logical (Technology)
- Supply Chain: Vendor management; Inventory Control
- BCP Creation: Crisis Management; Emergency Response; Disaster Recovery; Business Recovery
Incident Occurs:
- Evacuation: Life & Safety
- Incident / Crisis Management: BCP activation
- Business Recovery: Relocation; Processing; Reprioritize Product / Customer
- Technology Recovery: Data Recovery; Processing Recovery
Post Incident:
- Repair / Restoration
- Claims Processing
- Increase Production Levels
- Lessons Learned: Mitigation / Prevention

6 Legislative Landscape

7 Post-9/11 Surge in Business Continuity Regulations and Standards (timeline: Pre-9/11, 1991-2001; Post-9/11, 2002-2010)
- Consumer Credit Protection Act
- OMB Circular A-130
- FEMA Guidance Document
- Paperwork Reduction Act
- ISO 27002 (previously ISO 17799)
- FFIEC BCM Handbook (2003 / 2008)
- Computer Security Act
- 12 CFR Part 18
- Presidential Decision Directive 67
- FDA Guidance on Computerized Systems used in Clinical Trials
- ANSI/NFPA Standard 1600
- Turnbull Report (UK)
- ANAO Best Practice Guide (Australia)
- SEC Rule 17a-4
- FEMA FPC 65
- CAR
- Sarbanes-Oxley Act of 2002
- HIPAA, Final Security Rule
- Fair Credit Reporting Act
- NASD Rule 3510
- NERC Security Guidelines
- FERC Security Standards
- NAIC Standard on BCM
- NIST Contingency Planning Guide
- FRB-OCC-SEC Guidelines for Strengthening the Resilience of the US Financial System
- NYSE Rule 446
- California SB 1386
- Australia Standards BCM Handbook
- GAO Potential Terrorist Attacks Guideline
- Federal and Legislative BC Requirements for IRS
- Basel Capital Accord
- MAS Proposed BCM Guidelines (Singapore)
- NFA Compliance Rule 2-38
- FSA Handbook (UK)
- BCI Standard, PAS 56 (UK)
- Civil Contingencies Bill (UK)
- NYS Circular Letter 7
- ASIS
- State of NY FIRM White Paper on CP
- NISCC Good Practices (Telecomm)
- Australian Prudential Standard on BCM
- HB221, HB292, BS 25999
- SS507 – SS540, TR19
- CA Z1600
- ISO/PAS 22399
- DRII (SDO)
- Title IX – 110-53
- PS-Prep

8 Title IX – 110-53
a. The goal of the new program is to provide a method to independently certify the emergency preparedness of private sector organizations, including their disaster / emergency management and business continuity programs. The program focuses on certifying the preparedness of businesses and other private sector entities, and does not involve any individual professional certification.
b. The program will be voluntary.
c. Key stakeholders are invited to participate in the development of the program. Consultation with a variety of organizations and various sectors is required by the legislation. Program development will likely include involvement by a diversity of private sector advisory groups and others.
d. The program will be administered outside of government by third-party organizations with experience / expertise in managing and implementing voluntary accreditation and certification programs.
e. One or more preparedness standards can be designated. NFPA 1600 is referenced by example.
f. Existing industry efforts, certifications and reporting in this area will not be duplicated or displaced, but rather recognized and integrated.
g. Special consideration will be made for small business.
h. Proprietary and confidential information is to be protected.

9 DHS Decides: Approved Standards
- ASIS International SPC.1-2009, Organizational Resilience: Security Preparedness, and Continuity Management System – Requirements with Guidance for Use (2009 Edition).
- British Standards Institution 25999 (2007 Edition), Business Continuity Management (BS 25999-1:2006 Code of practice for business continuity management and BS 25999-2:2007 Specification for business continuity management).
- National Fire Protection Association 1600, Standard on Disaster / Emergency Management and Business Continuity Programs, 2007 and 2010 editions.

10 How It Works (diagram): DHS; ANSI-ANAB; ANSI (in progress)

11 Next Steps
Creation of Accreditation Rules (AR) for training of "Certification Bodies":
- Approved by ANSI-ANAB
- Must comply with ASTM 2659 and be approved by ANSI-CAP or ISO/IEC 17011
- Potential CBs must take the course and pass the examination
As of this moment, no organization:
- Has been approved to accredit Certifying Bodies
- Has been grandfathered into compliance with PS-Prep

12 NFPA/DRI Audit Course Certification
- The DRI/NFPA course is proceeding with ANSI-CAP accreditation for the course. The preliminary application has been approved.
- ANSI-CAP follows the accreditation process outlined in the international standard ISO/IEC 17011, General Requirements for Accreditation Bodies Accrediting Conformity Assessment Bodies, as well as ASTM E2659-09e1, Standard Practice for Certificate Programs, and is recognized by ANSI-ANAB.
- Passing the exam will provide a Certificate of Completion (because training is a requirement, there can be no examination-only option).
- This certificate will be required to seek CBCA/CBCLA status.
- DRI International will maintain recertification through continuing education (RABQSA requirement).

13 TITLE IX UPDATE
At ANSI-HSSP (Homeland Security Standards Panel), DHS "unveiled" its "Voluntary Private Sector Preparedness Accreditation and Certification Program – Proposed Target Criteria for Preparedness Standard". Internally developed, it will be open for comment when DHS publishes a notice in the Federal Register.
December 24, 2008: DHS files notice for comments in the Federal Register. "We note that the designated officer will consider adoption of the American National Standards Institute (ANSI) National Fire Protection Association (NFPA) 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (ANSI/NFPA 1600)—the standard specifically mentioned in both the statute and the 9/11 Commission's recommendation—as well as any other private sector preparedness standards submitted for adoption."

14 TITLE IX UPDATE
October 15, 2009: Department of Homeland Security (DHS) Secretary Janet Napolitano today announced new proposed standards for a 9/11 Commission-recommended program for the private sector to improve preparedness for disasters and emergencies. The proposed standards, developed by the National Fire Protection Association, the British Standards Institution and ASIS International, were selected based on their scalability, balance of interest and relevance to PS-Prep from a group of 25 standards proposed for consideration following the publication of a Federal Register notice in December 2008 announcing the program. Visit: www.fema.gov/privatesectorpreparedness

15 TITLE IX UPDATE
DHS has published a notice in the Federal Register announcing its intent to adopt the three standards listed below under PS-Prep. The notice also requests public comment on these standards and other programmatic issues:
- ASIS International SPC.1-2009, "Organizational Resilience: Security Preparedness, and Continuity Management Systems"
- British Standards Institution 25999, "Business Continuity Management"
- National Fire Protection Association 1600:2010, "Standard on Disaster / Emergency Management and Business Continuity Programs"

16 Public/Private Sector Landscape

17 Business Continuity (diagram): Risk Management; Crisis Management; Emergency Management; Disaster Recovery

18 Risk Management: Prevention / Mitigation; Risk Retention; Risk Transfer

19 Risk Management has been around for a while. Even the ancients practiced a form of risk management. Question: who invented the first fire protection system (hint: it was semi-automatic)?

20 Answer: The Egyptians

21 We all practice risk management. Example of risk transfer: Car/Home Insurance. Example of risk retention: Deductible.

22 Crisis Management: Crisis Communication with Employees, Media, Authorities, Stakeholders

23 Crisis Management is a relatively new discipline. New "poster child" of how NOT to do good crisis management is……? Toyota?? BP?? Example of a company that practiced good crisis management, and still prospers to this day…? Johnson & Johnson, Tylenol!! The advent of instant worldwide communications mandates good crisis management for business survival.

24 Emergency Management: First Responders; Emergency Services (Police, Fire/Rescue); Incident Command System

25 Emergency Management has distant roots as well. First U.S. fire department?

26 Answer: Philadelphia, 1736, Ben Franklin

27 First Responders Effective????

28 Emergency Response
- Training: drills…practice, practice, practice!
- Planning: pre-plans with emergency services
- Communication: 911, Emergency Notification Systems
- Coordination of efforts: Incident Command System (ICS)

29 Disaster Recovery: Data Recovery; Processing Recovery

30 Disaster Recovery is a relatively new concept. Late 1960s / early 1970s: introduction of computer mainframes. Question: who created the first disaster recovery (DR) plan?

31 Answer: the first data center manager who realized what would happen if they lost their data, made a copy, and took it home each night.

32 Disaster Recovery is a relatively new concept (cont.)
- Late 1980s: PCs become prevalent
- 1990s: LANs & WANs
- 2000s: Web-based computing
- Future: Who knows! The Cloud???

33 Business Continuity had its roots in DR. Realization: it takes more than just data and applications to continue the business. BC is a process, not a transaction.
BCM Life Cycle: Risk Assessment; Business Impact Analysis; Strategy Selection; Plan Development / Execution; Plan Test & Maintenance

34 Business Continuity (Risk Management; Crisis Management; Emergency Management; Disaster Recovery) = Business Continuity Management, within Enterprise Risk Management

36 Who Needs BCM? Industries / Sectors

37 Who Needs BCM? By size: is business continuity scalable?

38 Example: Bob's Dry Cleaning
- Risk management: Fire prevention program; Automatic sprinklers; Insurance
- Crisis management: Media contacts; Customer lists
- Emergency Management: Emergency services pre-plan; 911

39 Example: Bob's Dry Cleaning (cont.)
- Disaster Recovery: Back-up data (Inventory; Accounts receivable; Accounts payable; Client list); Identify back-up hardware (Server; PC; Web-based computing)

40 Example: Bob's Dry Cleaning (cont.)
- Business Continuity: Location strategy (Purchase; Lease/rent); Processing strategy (Outsourcing; Mutual aid); Communication strategy (Media; E-mail; Social media)

41 Challenge for Business Continuity in the U.S. going forward: Business Continuity must be a common business practice throughout all private and public sector organizations, regardless of size.

42 DRI International – Who Are We? A non-profit organization committed to:
- Promoting a base of common knowledge for the continuity management industry
- Certifying qualified individuals in the discipline of Business Continuity
- Promoting the credibility and professionalism of certified individuals
Celebrated our Twentieth Anniversary in 2008. The industry's premier education and certification program body.

43 DRI International – Who Are We?
- DRI International has certified individuals in over 95 countries.
- DRI International conducts training courses in over 45 countries.
- More individuals choose to maintain their certification through us than all other organizations in our industry combined (over 7,500 individuals as of 2009).
- DRI International certifies individuals and teaches in English, Spanish, French, Japanese, Mandarin, and Russian.
- Conducts courses for: Insurance; Audit; Small and Medium Sized Businesses


45 Questions?
