Implementing a Successful Business ... - Map Your Show › mys_shared › GSX19 › ... ·...
Implementing a Successful Business Continuity Program
Jamie Sanderson-Reid, CPP, CISSP, MBCI, CCSP
Malcolm B. Reid, CPP, FBCI, CBCP, CFE
Today’s agenda
• Introduction
• Situation
• Challenge
• Solution
• Outcomes
• Discussion
Situation
• Global financial services organization
• Operations in AMERS, APAC, EMEA
• BC policy out of date and not clear on requirements
• Existing plans out of date and built around a tool which is now obsolete
• Audit requirements to have BC Program and Plans approved and validated
Challenge
• Multiple time zones, different cultures, and different priorities for each business unit.
• “Fear” of transparency/sharing information openly across organization.
• Lack of understanding of relationship between crisis management, business continuity, and disaster recovery.
• Lack of accountability for updating business continuity documentation.
• Tool selection and cloud requirements for SaaS providers
Solution
• 7 Steps to BC Program
• PDCA Approach
• Project Management Techniques
• New Tool to manage all CM, BC, and DR plans and procedures
PDCA Cycle
Plan
Do
Check
Act
7 STEPS TO A WORLD-CLASS BUSINESS CONTINUITY PROGRAM
Initiation
Top Management Support
Business Driven Requirements in Policy
Awareness Value Add to Organization
Current Trends
Horizon Scanning
Competency Training
Policy Requirements
How to Use Tools
Relationship Building
Seek Feedback
Understanding Group Needs
Simplify/Improve Processes
Injection
Assessment
Options to achieve RTO
Feasibility
Cost/Benefit
Strategy
Planning
ACTIONABLE PROCEDURES TAGGED TO NAMED TEAMS AND INDIVIDUALS
UNDERSTOOD THRESHOLDS FOR ACTIVATION & ESCALATION
APPROPRIATE TOOLS
Testing
Key Threats/Hazards & Areas for Improvement
Exercise Program Priorities
Exercise Objectives Core Capabilities
Auditing
Align with ISO22301 & Best Practices
Crosswalk/Gap Analysis against ISO22301
Policy Requirements Evidence
Outcome
• Program in place with path for maturity.
• Greater awareness of resilience requirements including alignment between crisis management, business continuity and disaster recovery.
• Actionable plans and procedures for recovery.
• Greater confidence in ability of the org to respond to any disruption.
• Completed all audit requirements.