Business Continuity
Business Continuity Management for Risk Managers (USA)
What is BCP?
BCP - Business Continuity Planning
The identification and protection of business processes required to maintain an acceptable level of operations in the event of sudden, unexpected (or not so unexpected) interruptions of these processes and their supporting resources.
Where Are We Going?
More Integrated Solution:
- Business Continuity
- Disaster Recovery
- Emergency Response
- Crisis Management
- Risk Management
Under the banner of Business Continuity Management
Prevention
- Physical
- Logical (Technology)
Supply Chain
- Vendor Management
- Inventory Control
BCP Creation
- Crisis Management
- Emergency Response
- Disaster Recovery
- Business Recovery
Evacuation
- Life & Safety
Incident/Crisis Management
BCP Activation
- Business Recovery
- Relocation
- Processing
- Reprioritize Product/Customer
- Technology Recovery
- Data Recovery
- Processing Recovery
Claims Processing
Increase Production Levels
Lessons Learned
- Mitigation/Prevention
- Consumer Credit Protection Act
- OMB Circular A-130
- FEMA Guidance Document
- Paperwork Reduction Act
- ISO 27002 (previously ISO 17799)
- FFIEC BCM Handbook
- Computer Security Act
- 12 CFR Part 18
- Presidential Decision Directive 67
- FDA Guidance on Computerized Systems Used in Clinical Trials
- ANSI/NFPA Standard 1600
- Turnbull Report (UK)
- ANAO Best Practice Guide (Australia)
- SEC Rule 17a-4
- FEMA FPC 65
- CAR
- Sarbanes-Oxley Act of 2002
- HIPAA, Final Security Rule
- FFIEC BCM Handbook - 2003 / 2008
- Fair Credit Reporting Act
- NASD Rule 3510
- NERC Security Guidelines
- FERC Security Standards
- NAIC Standard on BCM
- NIST Contingency Planning Guide
- FRB-OCC-SEC Guidelines for Strengthening the Resilience of the US Financial System
- NYSE Rule 446
- California SB 1386
- Australia Standards BCM Handbook
- GAO Potential Terrorist Attacks Guideline
- Federal and Legislative BC Requirements for IRS
- Basel Capital Accord
- MAS Proposed BCM Guidelines (Singapore)
- NFA Compliance Rule 2-38
- FSA Handbook (UK)
- BCI Standard, PAS 56 (UK)
- Civil Contingencies Bill (UK)
1991 - 2001
- FPC 65
- NYS Circular Letter 7
- ASIS State of NY FIRM White Paper on CP
- NISCC Good Practices (Telecomm)
- Australian Prudential Standard on BCM
- HB221
- HB292
- BS25999
- SS507 – SS540
- TR19
- CA Z1600
- ISO/PAS 22399
Title IX – 110-53
Post-9/11 Surge in Business Continuity Regulations and Standards
Title IX – 110-53
a. The goal of the new program is to provide a method to independently certify the emergency preparedness of private sector organizations, including their disaster / emergency management and business continuity programs. The program focuses on certifying the preparedness of businesses and other private sector entities, and does not involve any individual professional certification.
b. The program will be voluntary.
c. Key stakeholders are invited to participate in the development of the program. Consultation with a variety of organizations and various sectors is required by the legislation. Program development will likely include involvement by a diversity of private sector advisory groups and others.
d. The program will be administered outside of government by third-party organizations with experience / expertise in managing and implementing voluntary accreditation and certification programs.
e. One or more preparedness standards can be designated. NFPA 1600 is referenced by example.
f. Existing industry efforts, certifications and reporting in this area will not be duplicated or displaced, but rather recognized and integrated.
g. Special consideration will be made for small business.
h. Proprietary and confidential information is to be protected.
Approved Standards
- ASIS International SPC.1-2009 Organizational Resilience: Security Preparedness, and Continuity Management System – Requirements with Guidance for Use (2009 Edition)
- British Standards Institution 25999 (2007 Edition) - Business Continuity Management (BS 25999:2006-1 Code of Practice for Business Continuity Management and BS 25999:2007-2 Specification for Business Continuity Management)
- National Fire Protection Association 1600 - Standard on Disaster / Emergency Management and Business Continuity Programs, 2007 and 2010 editions
How It Works
In progress - ANSI:
- Creation of Accreditation Rules (AR) for training of “Certification Bodies”
- Approved by ANSI-ANAB
- Must comply with ASTM 2659 and be approved by ANSI-CAP or ISO/IEC 17011
- Potential CBs must take the course and pass the examination
As of this moment, no organization:
- Has been approved to accredit certifying bodies
- Has been grandfathered into compliance with PS-Prep
NFPA/DRI Audit Course Certification
- The DRI/NFPA course is proceeding with ANSI-CAP accreditation for the course; the preliminary application has been approved.
- ANSI-CAP follows the accreditation process outlined in the international standard ISO/IEC 17011, General Requirements for Accreditation Bodies Accrediting Conformity Assessment Bodies, as well as ASTM E2659-09e1 Standard Practice for Certificate Programs, and is recognized by ANSI-ANAB.
- Passing the exam will provide a Certificate of Completion (because training is a requirement, there can be no examination-only path).
- This certificate will be required to seek CBCA/CBCLAs.
- DRI International will maintain recertification through continuing education (RABQSA requirement).
TITLE IX UPDATE
- At ANSI-HSSP (Homeland Security Standards Panel), DHS “unveiled” its “Voluntary Private Sector Preparedness Accreditation and Certification Program – Proposed Target Criteria for Preparedness Standard”.
- Internally developed; it will be open for comment when DHS publishes a notice in the Federal Register.
- December 24, 2008: DHS filed a notice for comments in the Federal Register. “We note that the designated officer will consider adoption of the American National Standards Institute (ANSI) National Fire Protection Association (NFPA) 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (ANSI/NFPA 1600)—the standard specifically mentioned in both the statute and the 9/11 Commission’s recommendation—as well as any other private sector preparedness standards submitted for adoption.”
TITLE IX UPDATE
October 15, 2009: Department of Homeland Security (DHS) Secretary Janet Napolitano announced new proposed standards for a 9/11 Commission-recommended program for the private sector to improve preparedness for disasters and emergencies.
The proposed standards, developed by the National Fire Protection Association, the British Standards Institution and ASIS International, were selected based on their scalability, balance of interest and relevance to PS-Prep from a group of 25 standards proposed for consideration following the publication of a Federal Register notice in December 2008 announcing the program. Visit: www.fema.gov/privatesectorpreparedness
TITLE IX UPDATE
DHS has published a notice in the Federal Register announcing its intent to adopt the three standards listed below under PS-Prep. The notice also requests public comment on these standards and other programmatic issues:
- ASIS International SPC.1-2009 "Organizational Resilience: Security Preparedness, and Continuity Management Systems"
- British Standards Institution 25999 "Business Continuity Management"
- National Fire Protection Association 1600:2010 "Standard on Disaster / Emergency Management and Business Continuity Programs"
Public/Private Sector Landscape
Risk Management has been around for a while
Even the ancients practiced a form of risk management.
Question: who invented the first fire protection system (hint: it was semi-automatic)?
We all practice risk management
Example of risk transfer:
Example of risk retention:
Crisis Management is a relatively new discipline
New “poster child” of how NOT to do good crisis management is……?
Example of a company that practiced good crisis management, and still prospers to this day…?
The advent of instant worldwide communications mandates good crisis management for business survival.
Johnson & Johnson, Tylenol!!
Incident Command System
Emergency Management has distant roots as well
First U.S. fire department?
Philadelphia – 1736
Training: drills…practice, practice, practice!
Planning: pre-plans with emergency services
Communication: 911, Emergency Notification Systems
Coordination of efforts: Incident Command System (ICS)
Disaster Recovery is a relatively new concept
Late 1960’s early 1970’s – introduction of computer mainframes
Question: Who created the first disaster recovery (DR) plan?
The first data center manager who realized the problem they would face if they lost their data, and so made a copy and took it home each night.
Disaster Recovery is a relatively new concept (cont.)
Late 1980’s - PCs become prevalent
1990’s - LANs & WANs
2000’s - Web-based computing
Future - Who knows! The Cloud???
Had its roots in DR
Realization: it takes more than just data and applications to continue the business
BC is a process, not a transaction
Business Continuity Management
Enterprise Risk Management
Who Needs BCM?
Industries / Sectors
Who Needs BCM?
Is business continuity scalable?
Example: Bob’s Dry Cleaning
- Fire prevention program
- Emergency services pre-plan
Example: Bob’s Dry Cleaning (cont.)
- Identify back-up hardware
Example: Bob’s Dry Cleaning (cont.)
Challenge for Business Continuity in the U.S. going forward:
Business Continuity must be a common business practice throughout all private and public sector organizations, regardless of size.
DRI International – Who Are We?
Organization Committed to:
Promoting a base of common knowledge for the continuity management industry
Certifying qualified individuals in the discipline of Business Continuity
Promoting the credibility and professionalism of certified individuals
Celebrated our Twentieth Anniversary in 2008.
The Industry’s Premier Education and Certification Program Body
DRI International has certified individuals in over 95 countries and conducts training courses in over 45 countries.
More individuals choose to maintain their certification through us than all other organizations in our industry combined (over 7,500 individuals as of 2009).
DRI International certifies individuals and teaches in English, Spanish, French, Japanese, Mandarin, and Russian.
Conducts courses for:
- Insurance
- Audit
- Small and Medium Sized Businesses