Navigating the Intersection of Vendor Management and Business Continuity
- Oswin Kennedy
- 6 years ago
MICHAEL BERMAN, J.D.

Table of Contents
- Why are we here?
- Business Continuity and Vendor Management Primary Intersection
- BCP: Each component impacts VM
- VM: Each component impacts BCP

Why are we Here?
Our Fiduciary Responsibility or Duty
Highest Standard of Care to Protect...
- Customers
- Staff
- Investors

Why are we Here?
Our Fiduciary Responsibility or Duty
- Vendor Management and Business Continuity Planning
- FFIEC is crystal clear
- Business Continuity Planning Appendix J: Strengthening the Resilience of Outsourced Technology Services

What is the Risk?
- Vendor Debt Collection: OCC Settlement ($6 million) - American Express Bank
- Failed Disaster Recovery: Settlement ($2.5 million) - Deutsche Bank. Fine for inadequate business continuity and disaster recovery plan
- Security Breach: Community bank's third party core processor had a security breach that resulted in fraudulent debit card charges to deposit account. Bank had to reimburse customers even though the third party was at fault.
- Various TSP Enforcement Actions: Jack Henry, FIS, Fundtech Corp., Bserv...

What is Business Continuity Planning?
An ongoing program for your financial institution to:
- Ensure prudent reduction of risks
- Resume key business operations following a disaster, and before unacceptable impacts and losses are incurred.

What is a Disaster?
Any disruption of business functions that results in significant:
- Financial impact or loss
- Loss of operational capability

BCP Includes
- Emergency response: Get the employees to safety, and stabilize the situation
- Crisis management: Manage the organization through the BCP event
- Business operational continuity: Strategies/approaches to address interrupted processes, build action plans to accomplish the recovery
- Technology services continuity: Strategies and action plans to ensure critical technology will be available following a BCP event
- Mitigating risk: Engineering the organization to minimize the impacts of a service disruption

Things Can Go Wrong
- Tornadoes, Hurricanes
- Earthquakes
- Floods
- Blizzards
- Wild Fires
- Volcanic eruptions
- Fire/Explosion
- Hazardous materials
- Sabotage
- Terrorist acts
- Workplace violence
- Civil disorder
- Violent criminal acts
- Major electric power outage
- Telecomm grid/co outage
- Water/Sewage system breakdown
- Major computer processing disruption
- Cyberattacks

Disasters Happen
- FEMA declared 42 disasters in 2015
- Insured losses in the United States in 2015 topped $15.3 billion from natural catastrophes
- Disasters affect both our financial institutions and their key vendors

Regulatory Requirements

Vendor Management Background
- Service providers have been a regulatory issue for 45 years
- Bank Service Company Act of 1961
- Technology outsourcing has been a meaningful part of financial institution audits
- Part of FFIEC IT Rating (URSIT)
- Outsourcing now includes services and solutions beyond information technology (FIL )

Regulations
Two Primary Areas for Regulatory Guidance for Banks:
1) Interagency Guidance (FFIEC)
2) FDIC Guidance, OCC Guidance, and Federal Reserve Guidance

FFIEC, OCC, FDIC, Fed Overlap for Vendor Management
- Risk Assessments
- Contract Issues
- Due Diligence
- Monitoring

Guidance:
- OCC Bulletin
- Federal Reserve Guidance on Managing Third Party Risk (December 5, 2013)
- FDIC Compliance Manual VII 5.6 (December 2012)
- IT Exam Handbook FFIEC Outsourcing Technology Services (June 2004)
- IT Officer Questionnaire FDIC (December 2007)
- Guidance for Managing Third Party Risk (FIL )
- Section 501 (b) GLBA (ensure security, protect against intrusions, etc.)

Appendix J: Third Party Resiliency
[Diagram: TSP Resiliency]
- Manage: Third Party Management
- Cyber: Cyber Resiliency
- Capacity: Third Party Capacity
- Testing: Testing with Third Parties

Third Party Management
- Due Diligence
- Contracts
- Monitoring
- Strategy

Cyber Resiliency
- Risks
- Communications
- Simultaneous Attack
- Strategy (Incident Response)

Third Party Capacity
Key Items:
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
- Redundant Utilities?
- Alternative Service Providers for Financial Institution?
- Alternatives Strategy Scenarios

Testing with TSP
- Scenarios breadth and depth
- Alternative vendors
- Testing end-to-end
- Strategy gaps identified documented and remediation plan

Overlapping Guidance
- Vendor Management
- Business Continuity

Overlap in BCP / Vendor Management
Overlapping specific items include:
1. Third-party management addresses a financial institution management's responsibility to control the business continuity risks associated with its TSPs and their subcontractors.
2. Is a list of third-party service providers maintained that are required for ongoing operations?
3. Contracts with vendors should address the financial institution's BCP testing requirements for the vendors.

Elements to look for:
- Inconsistent answers
- Leveraging work that is completed
- Do the VM policies and procedures help or hinder BCP?

BCP and VM Flashpoint #1: Incident Response
Potential Incidents:
- Data breach incident
- Customer service issue
- Financial Issue
Process for Resolution:
1) Written plan
2) Execution
3) Monitor

BCP and VM Flashpoint #2: Measuring Impact of Vendors BCP
Potential Issues:
- Third Party process key for BCP
- Customer service if vendor can't deliver
- Measuring effectiveness of Vendor's BCP
Process for Resolution:
1) Tests that include Vendors
2) Back up vendors
3) Alternative internal process

BCP and VM Flashpoint #3: Cybersecurity
Potential Issues:
- Third party outage caused by cyber breach
- Delays caused by cyber breach
- Ability to review cyber security efforts
Process for Resolution:
1) Obtain plans from vendors
2) Scenarios take into account more outages
3) Make contract require access to data

BCP Major Elements
- Creating a Plan: Based on infrastructure, applications, key processes
- Analysis: Gaps, RTO, RPOs, improvement plans
- Scenarios: Documenting threats like fires, floods, acts of terror
- Communication: Methods for contacting employees, independent contractors and other identified parties

The Plan
What vendors are vital to the operation:
- Functions. Ex: mobile banking
- Infrastructure. Ex: internet access
- Process. Ex: item processing; mortgage processing, etc.

Scenarios
How are vendors affected by threats:
- Weather. Ex: Location of vendor
- Attacks. Ex: Are there any single points of failure with the vendor
- Pandemic. Ex: Absence of key personnel destroys vendor's ability to provide service

Communication
Key Questions:
- Does a vendor communicate to employees about the event?
- Does a vendor communicate to client about the event?
- Are fourth party vendors involved in communicating for a vendor about an event?

Analysis
Measuring Results:
- How does vendor communicate results of the BCP?
- Do the vendor's results meet the expectations of your plan?
- How will improvement of vendor be measured?

Major Elements of Vendor Management
- Monitoring: Has my vendor been acquired, sued, or worse?
- Risk Assessment: Analyzing the data gathered from vendors
- Gathering Data on Selected Vendors: Process?
- Inherent Risk Classification: Is this the coffee vendor or the core processor?
- Contract: Defines the relationship between institution and vendor

Leveraging the Contract to Manage the Intersection
Three Items to Keep in Mind
1) Subcontracting
2) BCP testing
3) Security issues (FFIEC Appendix J)

Subcontracting - Assignment
Meaning: Can the vendor transfer their rights and responsibilities to a third party?
Issues to Look for:
- If Agreement is silent, then it is assignable.
- If critical vendor, may have additional vendors to review because of outsourcing
Mitigation: Should require notice and consent of bank prior to assignment.
Intersection: Use of third parties by vendor can vastly expand the need for additional business continuity planning and vendor management

BCP Testing
Meaning: The disaster recovery plan and test of the plan for the vendor.
Issues to Look for:
- How often are they required by contract to test their plan?
- How fast can they be back up and running?
Mitigation: Details should coincide with how critical the vendor is to the bank.
Intersection: What does vendor provide? How is effectiveness of BCP measured? What should be required in the agreement?

Security Issues
Meaning: How are security incidents handled?
Issues to Look for:
- How quickly will the financial institution be notified and by what means?
- What data will be available to financial institution?
Mitigation: Need to be notified as soon as possible or practicable. Best practice to require a root cause analysis and ability to terminate.
Intersection: Does the security issue stop the service? Is this a disaster? RTO? RPO?

Classifying Vendors
- Inherent Risk vs. Residual Risk
- What does "risk assess my vendor" mean?
- Which vendors for business continuity planning?
The guidance for BCP uses the term TSP (third party service provider) to refer to vendors that need to have resiliency to allow for financial institutions to have adequate BCP initiatives.
Key Practice: May need additional class of vendors that need BCP but are not otherwise critical vendors.

Gathering Data - BCP
- No data available, now what?
- Can other vendors fill the void and provide a backup?
- Does vendor have to provide results of BCP testing?
- Are there any single points of failure in vendor's infrastructure?
- How does vendor handle the customer data workflow?
- How and when should be built into agreements with vendors.
- Key issue: any way to mitigate these single points of failure
- Key issue: any third parties identified

Risk Assessments
- Scope: Defines work. Is BCP part of the audit?
- Exceptions: How corrected? Any BCP exceptions?
- User Controls: Products utilized. Any BCP user controls

Ongoing Monitoring for BCP and VM
Annual Review for Risk Assessments of Designated Vendors
- SSAE 16s
- Disaster Recovery Plans / Tests
- Incident Response Plans / Tests
- Financials
- Summary of Findings and Evaluation

Monitoring is more than Annual Assessment
- Litigation
- Vendor Sold / Acquired
- Data Breach
- Regulatory Issues
- Financial Performance

Flashpoints: Incidents, Measurements, Cyber

Contact Information
(888) ext ext michael.berman@ncontracts.com
More informationBUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENT RCG020-V1-01/2017 Page 1 2017 Royal & Sun Alliance Insurance plc Contents Introduction... 3 Business Continuity Management... 3 Getting started... 3 Business Impact Analysis...
More informationIT Framework Memorandum. For. Supervised Institutions
CENTRALE BANK VAN CURAÇAO EN SINT MAARTEN (Central Bank) IT Framework Memorandum For Supervised Institutions WILLEMSTAD, Updated version April 2011 IT Framework Memorandum for Supervised Institutions 1.
More informationBC & RISK MANAGEMENT: CONVERGENCE IS REAL David Halford Forsythe Solutions Group Frank Perlmutter Strategic BCP
BC & RISK MANAGEMENT: CONVERGENCE IS REAL David Halford Forsythe Solutions Group Frank Perlmutter Strategic BCP WHY THE CONVERGENCE OF BUSINESS CONTINUITY & RISK MANAGEMENT? The convergence of BC and RM
More information12.0 Business Continuity Management
Number 12.0 Policy Owner Information Security and Technology Policy Business Continuity Management Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 12. Business Continuity
More informationAgenda. The BIA and the Risk Assessment. Critical business processes. The Business Impact Analysis as the Foundation of Operational Risk Management
Agenda The Business Impact Analysis as the Foundation of Operational Risk Management Annie Searle, Principal ASA Risk Consultants What s included in a BIA? Why is it foundational to Operational Risk Management
More informationSchneider White Paper OPERATIONAL EXCELLENCE IN THE MIDST OF SUPPLY CHAIN DISRUPTION
Schneider White Paper OPERATIONAL EXCELLENCE IN THE MIDST OF SUPPLY CHAIN DISRUPTION White Paper Operational Excellence in the Midst of Supply Chain Disruption No supply chain is immune to disruptive forces.
More informationIBM Emptoris Contract Management on Cloud
IBM Terms of Use SaaS Specific Offering Terms IBM Emptoris Contract Management on Cloud The Terms of Use ( ToU ) is composed of this IBM Terms of Use - SaaS Specific Offering Terms ( SaaS Specific Offering
More informationFourth Quarter 2014 Earnings Conference Call. February 4, 2015
Fourth Quarter 2014 Earnings Conference Call February 4, 2015 Cautionary Note Regarding Forward-Looking Statements Certain information contained in this presentation is forward looking information based
More informationPoints of Discussion
Business Continuity Planning Considerations for Business Process Offshoring Todd Litman, CBCP DRJ Spring World March 18, 2013 1 Points of Discussion Business Process Offshoring Benefits & Risks Business
More informationNavigating the Storm: Disaster Contingency and Post-Event Strategies Following the Recent California Disasters
Navigating the Storm: Disaster Contingency and Post-Event Strategies Following the Recent California Disasters Laurel Sykes, CRCM SVP, Chief Risk Officer Montecito Bank & Trust lsykes@montecito.bank Objectives
More informationOPERATIONAL RISK MANAGEMENT MODULE
OPERATIONAL RISK MANAGEMENT MODULE MODULE OM Operational Risk Management Table of Contents OM-A OM-B OM-1 OM-2 OM-3 OM-4 Date Last Changed Introduction OM-A.1 Purpose 01/2012 OM-A.2 [This Chapter was deleted
More informationISACA S IT Audit, Information Security & Risk Insights Africa 2014 MAY, 2014
ISACA S IT Audit, Information Security & Risk Insights Africa 2014 MAY, 2014 MANAGING IT RISKS IN THE BANKING INDUSTRY Emmanuel Ofori Boateng, Dep. Head, IT, Ecobank Ghana OVERVIEW - HISTORY OF RISK MANAGEMENT
More informationLPL Financial Branch Offices. Oak Tree Financial Services, LLC. Business Continuity Plan (BCP)
LPL Financial Branch Offices Oak Tree Financial Services, LLC. Business Continuity Plan (BCP) Table of Contents I. INTRODUCTION... 1 II. EMERGENCY CONTACT PERSONS... 1 III. BRANCH POLICY... 1 IV. BUSINESS
More informationOPERATIONAL RISK MANAGEMENT MODULE
OPERATIONAL RISK MANAGEMENT MODULE MODULE OM Operational Risk Management Table of Contents OM-A OM-B OM-1 OM-2 OM-3 OM-4 Date Last Changed Introduction OM-A.1 Purpose 01/2012 OM-A.2 [This Chapter was deleted
More informationThird-Party Risk: The Examiners are Coming!
Third-Party Risk: The Examiners are Coming! Brad Keller, Sr. Director, 3rd Party Strategy Prevalent Inc. Hosted by Compliance Week s assistant director of events & programs, Tsvetelina Gabin. 1 Agenda
More informationContinuity of Operations (COOP) Training
Kent County Disaster Mental Health & Human Services Committee Continuity of Operations (COOP) Training May 10, 2011 Lt. Jack Stewart, Kent County Emergency Manager Deputy Chief Gary Szotko,, City of Grand
More informationAbraham E. Binder MA, ABCP York University Disaster & Emergency Management Program
Abraham E. Binder MA, ABCP York University Disaster & Emergency Management Program TTX Basics Real Relevant Refreshed Questions TTX Fundamentals Intermediate level For busy leadership teams Not a Walkthrough
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Learning Objectives To understand the concept of Business Continuity Management; To understand the key phases and components of a Business
More information