The Best Offense. Presented by: Kimberly Hirsch MBCP, MBCI, ISO22301 Lead Auditor Fusion Risk Management

Similar documents
Business Impact Management Moving Beyond the Traditional BIA THINK DIFFERENT. THINK SUCCESS.

How to to transition to ISO One year on. Rob Acker Business Continuity Lead Assessor LRQA Ltd

Introducing ISO 22301

Effectively Communicating Enterprise-Wide Business Continuity to Senior Management and Stakeholders. October 7, 2014

Maturity Modeling: A Strategic Roadmap to Improve Your Business Continuity Program

ISO/TS 22317: How to Use ISO s Newest BC Standard to Develop Real BC Requirements

BCP Methodology Benefits realisation

Citizens Property Insurance Corporation Business Continuity Framework

Business Continuity Maturity Model (BCMM) Overview & Standards Compliance Assessment v2.5

Points of Discussion

Agenda. Best Practices for Marketing Your Business Continuity Program Outside the Organization. Introduction

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

SUBJECT AREA 3 - BUSINESS IMPACT ANALYSIS

The 13th Annual Continuity Insights Management Conference

David Nolan, CEO Fusion Risk Management, Inc.

UNIVERSITY OF ABERDEEN ADVISORY GROUP ON BUSINESS CONTINUITY & RESILIENCE BUSINESS CONTINUITY POLICY

Presentation on Crisis Management and Business Continuity. ISCA Breakfast Talk 13 September See Hong Pek, Partner, PwC

Business Continuity & IT Disaster Recovery

ISO 28002: RESILIENCE IN THE SUPPLY CHAIN: REQUIREMENTS WITH GUIDANCE FOR USE

Business Continuity Planning and Disaster Recovery Planning

Improving Customer Satisfaction with better Supply Chain Management

Strategic Business Continuity Management

Business Continuity 101. Fairchild Resiliency Systems

Business Continuity Framework

OmniMath, Inc. Business Continuity Services Overview

Business Continuity. Building a Program Fit for Purpose

Operational Resilience Measure and Report

Business Continuity Management (BCM) Chicagoland Safety Conference October 24, 2013

A NEW MOMENTUM FOR BUSINESS CONTINUITY PROFESSIONALS? LAURENT RICCIARDI HEAD OF EFFICIENCY PROCESS & INFORMATION MANAGEMENT

A Guide to Business Continuity

Business Continuity Planning. LGMA Conference October 27, 2011 Presented by Lisa Benini

pwc.co.uk Business continuity management

Business Continuity Management Policy. Date Version Number Planned Review Date Oct 2014 Issue 1 Oct 2017

Meet Our Presenter. Equipping You For Success: An ISO Certification Case Study

Third Party Risk Management ( TPRM ) Transformation

Business Continuity Management and Resilience Framework

Business Continuity vs. Operational Risk Management vs. Business Resiliency. Karen Dye Oakley, CBCP, MBCI

EY s Africa Resilience Survey 2016

Creating a Business Continuity Plan for your Health Center

WHITE PAPER KEY PRINCIPLES OF INTEGRATED BUSINESS RESILIENCY

Practices for Effective Local Government Leadership

Introduction to Business

A Practical and Effective Approach to Risk Assessment

Global Crises: What We Really Need to Do to Be Prepared. Day One / Session C5

Equipping You For Success

AUDITING BUSINESS CONTINUITY: GLOBAL BEST PRACTICES

ICMA PRACTICES FOR EFFECTIVE LOCAL GOVERNMENT LEADERSHIP Approved by the ICMA Executive Board June 2017; effective November 2017

Leading Change: Building Organisational Resilience. Jean D. Rowe, MBCI, CDCP May 1, 2017

BCP Methodology Benefits realisation

NHS England Emergency Preparedness, Resilience and Response (EPRR) Business Continuity Workshop Delegate Book

BUSINESS CONTINUITY AS A SERVICE

Testing and Exercising. Continuity Forum May 17, 2012

18 Business Continuity Management

BUSINESS CONTINUITY: PROTECTING YOUR BUSINESS FUTURE

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Head of Protective Services Specialist Operations. Business Continuity Manager

How to apply the 10 BCP best practices to Treasury

When Recognition Matters TRAINING AND CERTIFICATION CATALOGUE

Business Continuity Management Policy

ISO Business Continuity Management. Your implementation guide

Business Continuity & Disaster Recovery

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

Strategy Analysis. Chapter Study Group Learning Materials

BC & RISK MANAGEMENT: CONVERGENCE IS REAL David Halford Forsythe Solutions Group Frank Perlmutter Strategic BCP

Ensuring Organizational & Enterprise Resiliency with Third Parties

BUSINESS CONTINUITY MANAGEMENT

The NextGen of BC/DR Planning

OUR UNIVERSITY CONTRIBUTION

ABA Compliance School Advanced

POL:10:EP:003:03:NIBT PAGE 1 of 7

Business Continuity Management PHILIPPINES :: MALAYSIA :: VIETNAM :: INDONESIA :: INDIA :: CHINA

Gain strategic insight into business services to help optimize IT.

Brian Stoner Services Business Continuity Manager Cisco Systems 3530 Hyland Avenue Costa Mesa, CA (714)

Innovations in Business Continuity Planning

Developing your brand

Advancing your BCP Program

Disaster Preparedness & Your Supply Chain

The ESRM Life Cycle In Action Simulation Exercise September 23, 2018

EIGHT STEPS TO CREATING A PERSONAL BRAND By Susan Peppercorn

Business Continuity Planning for Major Disruptions Checklist 255

Frequently Asked Questions for Suppliers. Achilles Automotive Supply Chain Mapping (SCM) Programme

High Performance Crisis/Incident Management A Roundtable Discussion Regarding Best Practices

End to End Operational Resilience

Business Continuity Management Plan. Policy

Aligning IT risk management with strategic business goals

City of Saskatoon Business Continuity Internal Audit Report

ISO A Tool For Continual Improvement

Preparing for a Disaster or Business Disruption

5th Annual National Congress on Health Care Compliance. Internal Audits Role in Compliance (and Vice Versa)

WILTSHIRE POLICE FORCE POLICY

trinity ISO 45001:2018 A New Standard for OH&S Management System 4/27/2018

ISACA San Francisco Chapter

Preparing for the Unexpected: Business Continuity and Information Security Trends and Tactics

Role Profile. Role Details. Grade 4 Business unit. Date produced or updated March 2017

Business Continuity and Natural Disaster Resilience: Where Are We Heading? Adopting best practices for weather safety based on new science

Using a Standards-Based Management-System Approach to Increasing Resilience

ISO 14001:2015 Updates and Key Themes

Disaster Preparedness & Your Supply Chain

BUSINESS CONTINUITY: PROTECTING YOUR BUSINESS FUTURE

Subject Area 9 Public Relations and Crisis Coordination

Transcription:

The Best Offense Presented by: Kimberly Hirsch MBCP, MBCI, ISO22301 Lead Auditor Fusion Risk Management

Agenda Welcome and Introduction Governance and Compliance Liability Issues BC Standards Requirements Policy Your Organization s Requirements Vendors Exercise and After Action Documentation Suggested Approaches Q & A

AUDIENCE PROFILE Power of Us TOGETHER WE SUCCEED Solutions 2017

Governance, Risk & Compliance

Liability Issues Impacts from records non-availability could result in: 1. Regulatory Violations 2. Fines 3. Legal Actions 4. Damage to Brand/Organizational Reputation 5. Additional Operating Expenses 6. Operational inefficiencies

BC Standards Requirements ISO 22301 4.2.2 Legal and regulatory requirements must be understood 4.3.2 Scope of the BCMS 5.3 Policy

BC Standards Requirements NFPA 1600 4.4.1 Program Administration 4.5.2 Laws and Authorities 4.7 Records Management

BC Standards Requirements ASIS ASIS is an organization for security professionals world-wide. www.asisonline.org

An Organization is a Puzzle Information Management is how we tell the story of how we are all connected and dependent on each other to execute and ensure the success of the institutional strategy/mission.

Map It Out For Visual Learners

Policy Command & Control Driving Engagement Strategy & Preparation Driving Outcomes Information Successful programs drive engagement and deliver outcomes based on a solid Information framework that enables and empowers BCM to be in Command & Control at every stage.

Policy Define key terms Scope and boundaries for the program Identify chain of command What a business continuity incident is and isn t Standards references Funding Other related policies Participation requirements Exercise testing and maintenance

Impact Assessments Business Impact Assessment (BIA) Process, Function, Department, Functional Area System/Technology Impact Assessment (SIA/TIA) Application, IT System, IT Service Facility/Site Impact Assessment Vendor Risk Assessment Vendor/Third-Party/Supply Chain

Vendor Documentation You can t outsource risk.

Vendor Risk Analysis OBJECTIVE Control BCM risks associated with vendors used in performing business processes 1 Vendor Criticality 2 Vendor Resiliency Risk Vendors Criticality Factors Critical vendors Important vendors Vendor BCM Risk Analysis Deferrable vendors Plans/Procedures to mitigate risks Vendor requirements gaps - (KPIs / KRIs)

Exercise Documentation

Exercise Documentation List of participants Description of the exercise scenario Event summary What went well Needs improvement Remediation plan Update it as you close items

Activation After-Action

Why Perform a Vital Records Impact Assessment? To identify the most critical records to the organization To quantify, measure and report on the availability of records To determine appropriate strategies for the availability of records To prioritize efforts for improving records availability To determine the resilience and recovery requirements (IT, Facilities, Suppliers) to support records availability To identify the most critical IT (Systems and Applications) and determine recovery priorities To support the business case for investments in IT resiliency To identify the most critical Facilities To identify the most critical Suppliers/Vendors

Begin With the End In Mind What questions are you trying to answer? What Decisions are you driving? What Actions must be taken? Quality Impacts Criticalities Dependencies Gaps Exposures Preparedness Frequencies Least Resilient Priorities

Build an Information Foundation Questions need answers! 1. What are the critical functions and why? 2. On what assets do our operations depend? 3. What are our most critical assets and why? 4. How are our operations interdependent? 5. How would operations be impacted by various threats? 6. What would upstream and downstream effects be? 7. How do peak processing periods change the picture? 8. How would a disruption impact a) Employee or client well being? b) Ability to provide services? c) Ability to provide product? d) Perception of the brand? 9. What options and alternatives do we have? 10. What outage durations could be expected from various events? 11. What resources and assets can we leverage to minimize impact? Answers drive buy-in! 1. Understanding the inner-workings of our operations. 2. Visibility to operational risks AND areas for improvement. 3. Set expectations for potential disruptions. 4. Filled information gaps and clarified misinformation. 5. Improved communication and raised credibility of BC Team. 6. Raised the level of dialogue and quality of decision-making.

The Payoff: Program Success! You will build a network of advocates and champions. You will establish command & control over your program. We will have become part of the solution!

Making It Work For You Minor Adjustments. Major Results. Make yourself invaluable Build your information foundation. Know more than anyone else. Anticipate questions and frame the answers. Drive engagement. Drive Outcomes Go deep. Go wide. Prepare to act. Prove it.

Questions & Answers

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback