Testing BC Plans

Continuity and Resilience (CORE), ISO 22301 BCM Consulting Firm. Presentations by speakers at the 6th Middle East Business & IT Resilience Summit, Mar 30, 2017 at The Address, Dubai Mall.

Our Contact Details:

UAE: Continuity and Resilience, P. O. Box 127557, Abu Dhabi, United Arab Emirates. Mobile: +971 50 8460530, Tel: +971 2 8152831, Fax: +971 2 8152888, Email: [email protected]

INDIA: Continuity and Resilience, Level 15, Eros Corporate Tower, Nehru Place, New Delhi-110019. Tel: +91 11 41055534 / +91 11 41613033, Fax: +91 11 41055535, Email: [email protected]

Transcript of Testing BC Plans


Page 2: Testing BC Plans

Daman Dev Sood

COO & Head – Sustainability Practice

CORE

[email protected]

www.coreconsulting.ae

Testing BC Plans

Page 3: Testing BC Plans

About Continuity and Resilience (CORE)

ISO 22301 certified Management Consulting Firm

Cyber Security Services

Business Continuity Management Services

Crisis Management Services

IT Disaster Recovery Services

Information Security Management Services

Risk Management Services

Green IT/ Sustainability Services

We Consult / Train / Assess and Certify in these domains


Page 4: Testing BC Plans

Typical BCM Implementation Methodology

Quite easy… correct?

Page 5: Testing BC Plans

So where do we start?

Page 6: Testing BC Plans

Good Practices

• Make a Testing Program Plan

• Make a Test Plan for each test

• Conclude a test with a Test Report

• Close through follow up

• A BC test should create the least disturbance to the business

Page 7: Testing BC Plans

Good Practices

• Estimate resources

• Raise the bar slowly

• Involve all relevant interested parties

– Plan owner

– BC Champion

– BC Manager

– Supporting functions (HR, Finance, IT, Facilities etc.)

– Team members

– Management

– Customers, suppliers, vendors

– Authorities

Page 8: Testing BC Plans

Good Practices

• Keep relevance

• Start and stop criteria

• Measure of success

• A fire evacuation drill is not a fire alarm test

Page 9: Testing BC Plans

Good Practices

• Check effectiveness

– How many were scheduled

– How many were conducted

– How many were conducted on schedule

– How many were successful

– How many action items emerged

– How many actions have been closed

– How many actions are open – for how long and for what reasons

Page 10: Testing BC Plans

BC Exercising – Types (and other parameters)

[Chart, not to scale: exercise types (Review/Walkthrough, Table Top, Call Tree, Simulation, IT/Work Area Recovery, Integrated) compared on Cost, Complexity, Risk (of disturbance due to the test), Assurance and Frequency.]

Page 11: Testing BC Plans

Thank you!

Daman Dev Sood Continuity and Resilience * [email protected] www.coreconsulting.ae


Continue to know more about CORE…

Page 12: Testing BC Plans

About CORE

Our Range of Specializations in Consultancy & Training cover:

• Crisis Management

• Crisis Communications

• Business Continuity

• Disaster Recovery

• Cyber Security

• Sustainability

• Information Security

• IT Service Management

• Project Management

• Quality

Global Experience

Country

• India

• USA

• Canada

• UK

• Europe

• Africa

• Middle East

Industry

• Financial Services

• Telecom

• Manufacturing

• Airlines

• Trading

• Oil and Gas

• Government

Our Partnerships

Institutions

• Business Continuity Institute (BCI) – UK for offering BCM Certification

• Intertek and Bureau Veritas – for offering ISO 27001/ ISO 22301 courses

• American University of Ras Al Khaimah – for offering certification courses

Page 13: Testing BC Plans

Continual Improvement

Our Services

We are a firm that specializes in the complete Resilience cycle, offering Consulting, Assessments, Trainings and Certification Services for organizations in both the public and private sectors. We too are an ISO 22301:2012 certified firm.

Information Technology Disaster Recovery

Crisis Management

Business Continuity Management

IT Disaster Recovery

Trainings

Testing & Exercising

Crisis Communication

Crisis Management

Trainings

Testing & Exercising

Consulting

Implementation

Audits

Maturity Assessment

Trainings

Testing & Exercising

Design & Implementation

• Training and Awareness

• Exercising and Testing

• Audits

• Continuity and Recovery Strategies

• Crisis Management

• Incident Response Structure

• Business Continuity Plan

• Crisis Management Plan

• Incident Management Plan

• Gap Assessment

• Business Impact Analysis

• Risk Assessment

Validation

Analysis

Embedding Business Continuity Policy and Project Management

ISMS and Cyber Services

• GRC

• Managed Security Services

• Trainings

Page 14: Testing BC Plans

How are we different?

• We have trained over 2000 professionals from 500 organizations

• Our consultants have performed approximately 80 man-days of ISO 22301 / BS 25999 assessments

• We conduct public and in-house workshops for BCM Training and Professional Certifications and help organisations run Crisis Management and Table Top exercises and simulations

• We are an ISO 22301 certified company

Page 15: Testing BC Plans

How are we different? (Contd.)

• Our consultants are experienced BCM professionals who held senior management positions mostly as heads of functions

• Our consultants have over 140+ man-years of collective experience ranging across geographies and industries

• Most of our consultants hold multiple certifications in BCM and other related domains

• Many of our clients have been certified to ISO 22301 / BS 25999, based on our consulting for them

Page 16: Testing BC Plans

Cyber Security / Information Security

Capacity Building & Skill Development

• Corporate Instructor Led Trainings

• Cyber Attack Simulation Exercise

• Customised training for Corporate

• Public Certification Aspirants Workshops (CISSP, CISA, CISM, CRISC)

Professional Services

• Governance, Risk & Compliance

• CERT & CSIRT (BOMT Model)

• Forensics & Investigations / VAPT

• Gap Analysis / Health Checks & Pre Audit Services

Managed Security Services

• CSIRT as a Service

• SOC (remote, BOMT/O&M)

• Predictive Security through Threat Hunting & Counter Threat Intelligence

• Forensics & Investigation Services

Products

• Confront & Denial of Operations Area through Smoke Screen

• Forensics Workstation & DDoS Protection Tool

• Employee Forensics & Monitoring Tool

• Mobile Device Management & Mobile Data Security

Page 17: Testing BC Plans

Assurance & long term sustainability

Validation of documented steps

Effective & coordinated response during crisis in order to minimize decision points at the time

Identify potential threats & take measures to mitigate impact

Focus on high priority items

Maturity Assessment

Industry Benchmarking

Current State Assessment

Implementation

BC Strategy & Response

Risk Assessment

Business Impact Analysis

Program Management Plan

Operationalize the BCMS

Continual Improvement

Performance Evaluation

Exercising

Testing

Initial Assessment & Roadmap

Assessment Report

Implementation Review

Documentation Review

Interview Senior Management

Implementation

Operationalize the BCMS

Initial Assessment

Benefits

The salient points that will be covered by CORE BCM consulting are illustrated below:

Consulting

BCM Consulting Assignment

Page 18: Testing BC Plans

Trainings

Public Programs

• Global Certifications like BCI, IRCA

• CORE Certifications

In-house Workshops

• Global Certifications like BCI, IRCA

• CORE Certifications

Tailor-made

• Customized to clients

• Specialized coverage

• Awareness Education

• Simulated Exercises


Page 19: Testing BC Plans

Some of our Trainings

• Cyber Attack Simulation Exercise

• ISO27001 on the ground implementation workshop

• Crisis and Disaster Management Simulation Exercise

• Senior Management Awareness workshops

• ISMS and BCMS coordinators training workshops

• BCI-UK certified GPG workshops (leading to CBCI)

• Certification aspirants workshops for CISSP, CISA, CISM and CRISC

• ISO 27001 and ISO22301 Lead Auditor training

• ISO 31000 Risk Management and IT Disaster Recovery Certification

Page 20: Testing BC Plans

Tools Support

CORE acts as a conduit between the partner & client by providing support for:

• Gather requirements

• Shortlist Vendors

• Subject matter expertise for tool selection

• Perform Vendor Demos

• Tool installation & implementation support for BC, ITDR & Notification

• Assistance during tool testing


Benefits

Page 21: Testing BC Plans

E-learning Support

Benefits of E-Learning for our clients:

• Higher coverage

• Consistency in communication

• Higher learning retention

• Learn at your own pace, anytime and anywhere

• Latest and most updated courseware always available

• Cost effective as against classroom based training

• Saves paper, reduces carbon footprint

Crisis Management 1

Business Continuity 2

IT Service Management 6

Sustainability 7

Page 22: Testing BC Plans

Some of Our Consulting and Training Clients


Page 23: Testing BC Plans

Our 2017 Summits


Page 24: Testing BC Plans


End of presentation…
