
How to plan and manage a BCM and IT DR project

Continuity and Resilience (CORE), ISO 22301 BCM Consulting Firm. Presentations by Speakers at the 1st KSA Business & IT Resilience Summit at Riyadh.
http://coreconsulting.ae/


Presentation Transcript


  1. Continuity and Resilience (CORE), ISO 22301 BCM Consulting Firm. Presentations by speakers at the 1st KSA Business & IT Resilience Summit, 16th Feb, 2017 at Four Seasons Hotel, Riyadh, KSA
     Our Contact Details:
     UAE: Continuity and Resilience, P. O. Box 127557, Abu Dhabi, United Arab Emirates. Mobile: +971 50 8460530, Tel: +971 2 8152831, Fax: +971 2 8152888, Email: info@continuityandresilience.com
     India: Continuity and Resilience, Level 15, Eros Corporate Tower, Nehru Place, New Delhi-110019. Tel: +91 11 41055534 / +91 11 41613033, Fax: +91 11 41055535, Email: ms@continuityandresilience.com

  2. Getting started: How to plan and manage a BCM and IT DR project
     Dhiraj Lal, Executive Director, CORE
     dhiraj.l@continuityandresilience.com, +971 52 9263933, www.coreconsulting.ae

  3. About Continuity and Resilience (CORE): ISO 22301 certified Management Consulting Firm
     • Cyber Security Services
     • Business Continuity Management Services
     • Crisis Management Services
     • IT Disaster Recovery Services
     • Information Security Management Services
     • Risk Management Services
     • Green IT / Sustainability Services
     We Consult / Train / Assess and Certify in these domains

  4. Typical BCM Implementation Methodology. Quite easy... correct?

  5. So where do we start?

  6. Getting started
     • A collection of case studies from our IT DR and BCM Consulting and certification engagements
     • Situations our consultants have been involved in
     • As part of our previous organisations (in-house implementations) or as consultants
     • Including some situations we have been told about by others
     • “Customer” is being used in this presentation as a generic term. Could be internal or external

  7. Based on diverse Case Studies from Customers 1 to 8, across these sectors:
     • Manufacturing
     • Central Bank
     • Insurance
     • Banking
     • Aviation
     • Govt. Sector
     • Outsourcing
     • Facilities Management

  8. Effective BCM means that you MUST have “reasonable” assurance of recovery
     [Diagram: stages from Business As Usual through Immediate Response and Partial re-start to Back to normal, covering Emergency Response, Crisis Management, Business Continuity and IT Disaster Recovery. Labels: Evaluate; Invoke; Protect people, assets, reputation; Assess damage & communicate; Arrangements to recover prioritized activities as pre-agreed; Plans for alternate facilities, machines, utilities, IT, staff, supply chain etc; Return to normal level; Back to BAU resources]

  9. Effective BCM means that you MUST recover within “reasonable” timelines
     [Chart: overall performance of the organisation against time, following an INCIDENT. Labels: Normal Operations; Minimum Level of Operations; Effective BCM Program; No BCM Program; points A and B]

  10. Starting it right
     • Clear understanding of “Why BCM”... don’t start if Management is not convinced
     • Present the business case: What’s in it for me? Not just defensive, but also a revenue generator
     • Budget commitment to conduct the project... and willingness to consider investing in more resources if need be
     • Strong mandate from the Top, via the BCM Policy... Each unit is responsible for their own BCM, central BCM Team to help

  11. Starting it right
     • Regular Top Management interest and involvement... not just a one-time, but review and follow up till the very end
     • Let your teams be clear that this is an important initiative, and it must be done well
     • Select your best people for the BCM responsibility... not just those who are available and free
     • Recognize and Reward as a formal process. 5% of their KRA?
     • Meeting the project timelines is most critical

  12. Starting it right
     Clear Ownership and roles definition:
     • Senior BCM Sponsor to clear roadblocks
     • BCM Steering Committee to validate and sign off
     • BCM Head to support, keep track, ensure, escalate
     • BCM Team to help the Departments get it right, as partners
     • BCM department champions to be the BCM Leads within their units
     • Department Heads accountable for BCM implementation in their units
     • Operational team to implement those strategies and plans

  13. Starting it right
     • Train your people just in time: not too early, not too late. Ideally a few days before the activity is to be performed
     • Training is needed for EACH activity:
       – Policy writing
       – BIA
       – Risk Assessment
       – BCM
       – Recovery Strategy creation
       – Plan Writing
       – Plan implementation
       – Testing and exercising
       – etc.
     • Training and Awareness is needed for each level (Senior Mgt, Tactical, Operational), and for all staff/suppliers/partners

  14. Starting it right
     • Clear project plan with pre-agreed signoff dates, based on Steering Committee availability
     • Tracking and monitoring in monthly management meeting
     • Escalation to BCM Sponsor to resolve issues and conflicts
     • Quick sanction of budget and resources for any needed BCM strategies. BIA can be used to justify the needed spend
     • Department Heads to be responsible to keep ready their BCM plan including needed Recovery strategies
     • BCM Awareness across the organisation, to help embed the BCM effort, including escalation of potential incidents

  15. Starting it right
     • Signed off testing and exercising schedule, department owned. Agreed Management Review process, to ensure ongoing oversight. Pre-agreed annual review process and dates
     • Agreed Incident log, to capture learnings and improve the BCM System
     • BCM Trained Audit team, as an independent control
     • BCM Automation software to ease the maintenance and updation process, and also for tracking, monitoring and reminders
     • Notification software, to ensure mass communication within seconds via SMS, automated call, email, social media etc

  16. Thank you!
     Dhiraj Lal, Executive Director, Continuity and Resilience
     +971 52 9263933, dhiraj.l@continuityandresilience.com, www.coreconsulting.ae
     Continue to know more about CORE…

  17. About CORE
     • Our Range of Specializations in Consultancy & Training cover: Sustainability, Information Security, IT Service Management, Project Management, Quality, Crisis Management, Crisis Communications, Business Continuity, Disaster Recovery, Cyber Security
     • Global Experience
       – Country: India, USA, Canada, UK, Europe, Africa, Middle East
       – Industry: Financial Services, Telecom, Manufacturing, Airlines, Trading, Oil and Gas, Government
     • Our Partnerships (Institutions)
       – Business Continuity Institute (BCI), UK: for offering BCM Certification
       – Intertek and Bureau Veritas: for offering ISO 27001 / ISO 22301 courses
       – American University of Ras Al Khaimah: for offering certification courses

  18. Our Services
     We are a firm that specializes in the complete Resilience cycle, offering Consulting, Assessments, Trainings and Certification Services for organizations in both the public and private sectors. We too are a certified ISO 22301:2012 firm.
     [Diagram: service areas and lifecycle stages]
     • Business Continuity Management: Consulting, Implementation, Audits, Maturity Assessment, Trainings, Testing & Exercising
     • Information Technology Disaster Recovery: IT Disaster Recovery Trainings, Testing & Exercising
     • Crisis Management: Crisis Communication, Crisis Management Trainings, Testing & Exercising
     • ISMS and Cyber Services: GRC, Managed Security Services, Trainings
     • Analysis: Gap Assessment, Business Impact Analysis, Risk Assessment
     • Design & Implementation: Continuity and Recovery Strategies, Crisis Management, Incident Response Structure, Business Continuity Plan, Crisis Management Plan, Incident Management Plan
     • Validation: Training and Awareness, Exercising and Testing, Audits
     • Other labels: Policy and Project Management, Embedding Business Continuity, Continual Improvement

  19. How are we different?
     • We have trained over 2000 professionals from 500 organizations
     • We conduct public and inhouse workshops for BCM Training and Professional Certifications and help organisations run Crisis Management and Table Top exercises and simulations
     • Our consultants have performed approximately 80 mandays of ISO 22301 / BS 25999 assessments
     • We are an ISO 22301 certified company

  20. How are we different? (Contd.)
     • Many of our clients have been certified to ISO 22301 / BS25999, based on our consulting for them
     • Our consultants are experienced BCM professionals who held senior management positions, mostly as heads of functions
     • Our consultants have over 140+ man years of collective experience ranging across geographies and industries
     • Most of our consultants hold multiple certifications in BCM and other related domains

  21. Cyber Security / Information Security
     • Capacity Building & Skill Dvlp
       – Corporate Instructor Led Trainings
       – Cyber Attack Simulation Exercise
       – Customised training for Corporate
       – Public Certification Aspirants Workshops (CISSP, CISA, CISM, CRISC)
     • Professional Services
       – Governance, Risk & Compliance
       – CERT & CSIRT (BOMT Model)
       – Forensics & Investigations / VAPT
       – Gap Analysis / Health Checks & Pre Audit Services
     • Managed Security Services
       – CSIRT as a Service
       – SOC (remote, BOMT/O&M)
       – Predictive Security through Threat Hunting & Counter Threat Intelligence
       – Forensics & Investigation Services
     • Products
       – Confront & Denial of Operations Area through Smoke Screen
       – Forensics Workstation & DDoS Protection Tool
       – Employee Forensics & Monitoring Tool
       – Mobile Device Management & Mobile Data Security

  22. Consulting
     The salient points that will be covered by CORE BCM consulting are illustrated below:
     [Diagram: Consulting Assignment, with stages and their benefits]
     • Stage labels: Initial Assessment & Interview; Assessment; BCM Program Management Plan; Implementation; Business Impact Analysis; Risk Assessment; BC Strategy & Response; Testing; Exercising; Performance Evaluation; Continual Improvement
     • Benefit labels: Focus on high priority items; Operationalize the BCMS; Identify potential threats & take measures to mitigate impact; Effective & coordinated response during crisis in order to minimize decision points at the time; Validation of documented steps; BCMS Assurance & long term sustainability
     • Other labels: Senior Management; Current State Assessment; Roadmap; Documentation Review; Industry Benchmarking; Initial Implementation Review; Maturity Assessment; Assessment Report

  23. Trainings
     • Public Programs: Global Certifications like BCI, IRCA; CORE Certifications
     • In-house Workshops: Global Certifications like BCI, IRCA; CORE Certifications
     • Tailor-made: Customized to clients; Specialized coverage; Awareness Education; Simulated Exercises

  24. Some of our Trainings
     • Cyber Attack Simulation Exercise
     • ISO27001 on the ground implementation workshop
     • Crisis and Disaster Management Simulation Exercise
     • Senior Management Awareness workshops
     • ISMS and BCMS coordinators training workshops
     • BCI-UK certified GPG workshops (leading to CBCI)
     • Certification aspirants workshops for CISSP, CISA, CISM and CRISC
     • ISO 27001 and ISO22301 Lead Auditor training
     • ISO 31000 Risk Management and IT Disaster Recovery Certification

  25. Tools Support
     CORE acts as a conduit between the partner & client by providing support for:
     • Gather requirements
     • Shortlist Vendors
     • Subject matter expertise for tool selection
     • Perform Vendor Demos
     • Tool installation & implementation support for BC, ITDR & Notification
     • Assistance during tool testing

  26. E-learning Support
     Benefits of E-Learning for our clients:
     • Higher coverage
     • Consistency in communication
     • Higher learning retention
     • Learn at your own pace, anytime and anywhere
     • Latest and most updated course ware always available
     • Cost effective as against class room based training
     • Saves paper, reduces carbon foot print
     [Graphic labels: IT Service Management, Business Continuity, Crisis Management, Sustainability]

  27. Some of Our Consulting and Training Clients

  28. Our 2017 Summits

  29. End of presentation. Thank you!
     Dhiraj Lal, Executive Director, Continuity and Resilience
     +971 52 9263933, dhiraj.l@continuityandresilience.com, www.coreconsulting.ae
