International Trends in Business Continuity & Emergency Response Presented by Director of Global Operations Chloe Demrovsky of DRI International For Continuity Insights November 13, 2012


Property of DRI International

DRI International

A Global Non-Profit Organization founded in 1988

The Industry’s Premier Education & Certification Program Body

Committed to:

- Promoting a base of common knowledge for the continuity management industry

- Certifying qualified individuals in the discipline of Business Continuity

- Promoting the credibility and professionalism of certified individuals

• DRI has certified individuals in over 100 countries

• DRI conducts training courses in over 45 countries

• Since 2009, DRI taught more students outside the US than within the US

• More individuals are certified by DRI International than all other organizations in our industry combined (over 9,600 active individuals as of October 2011)

• Since 1988, more than 25,000 individuals have held a DRI certification

• DRI certifies individuals in English, Spanish, French, Italian, Japanese, Mandarin and Russian

• DRI International teaches in English, French, Spanish, Portuguese, Mandarin, Japanese, Italian and Russian

DRI International – Truly International

• APEC: Only Business Continuity Certification Recognized by the Asian Pacific Economic Cooperation

• DRI Canada is a member of the Technical Committee for the CSA Z1600 Standard for Emergency Management & Business Continuity

• Japan: Signatory to Japanese Joint Aid Agreement

• Singapore: Official BCM education partner for the government-sponsored Singapore Business Federation

• Malaysia: Annual DRI conference in collaboration with the Ministry of Science, Technology and Innovation’s Cyber Security Malaysia to promote BCM

• UAE: Member of Standards Committee Advisory Team

• Europe: Presented at the Interparliamentary Center for Parliamentary Studies (Belgium) and IV BSI Conferencia de BS25999 (Spain)

• DRI International Standard cited by Financial Industry Regulatory Agency (FINRA) & NFPA1600

DRI International – Truly International

• Chaired the Alfred P. Sloan Committee that drafted the Framework for Preparedness that has been the foundation for the Title IX Implementation

• Meeting with Special Assistant to The President for Homeland Security Standards Policy

• Member of:

• U.S. Chamber of Commerce Homeland Security Task Force

• Council of Experts for ANSI-ANAB who will set the credentialing standard for certifying bodies for PS-Prep

• FEMA National Advisory Council Private Sector Subcommittee

• Advisory Committee for Congressionally funded Project for National Security Reform

• National Preparedness Month Coalition

Government Organization Collaboration

United States

DRI International

Non-Governmental Organization Collaboration

• ASFHS – Education and Sponsorship

• CPE – Sponsorship

• ACP – Sponsorship

• CPM – Joint Sponsorship

• Safe America

• Habitat for Humanity

• Second Harvest

• The Mahila Partnership

Other Partnerships

• Member of the NFPA 1600 Technical Committee

• Member of the BS25999 – ASIS Technical Committee

• Participant RIMS (Risk Insurance Managers Society) PERK (Professional Exchange of Risk Knowledge) Program

• Cooperative Education Credit Sharing with ISACA (Information Systems Audit and Control Association)

• Cooperative Education Credit Sharing with IC2

• Audit Course Development and Training for Auditors with NFPA (National Fire Prevention Association)

Non-Government Collaboration

BCM Programs led by DRI Certified Professionals

Deloitte & Touche

Booz Allen

PricewaterhouseCoopers

Ernst & Young

KPMG

Marsh

Accenture

Navigant

Computer Sciences Corporation

IBM

Johnson Consulting

Jefferson Wells

EDS

Protiviti

SAIC

Perot

EDS

SunGard

AIG

Morgan Stanley

American Express

AG Edwards

Citigroup

Wells Fargo

Bank of America

Wachovia

Washington Mutual

JPMorgan Chase

Nationwide

Fidelity

Vanguard

Merrill Lynch

Franklin Templeton

VISA

NY Life

Pfizer

Goodyear

Genentech

Georgia Pacific

Nokia

Hitachi

Verizon

Schering-Plough

Fujitsu

AT&T

BP

Sprint

Chevron Texaco

Ericsson

Raytheon

Siemens

Starbucks Coffee Company

Nestle

Toyota

Target

Corning

ConocoPhillips

Starwood Hotels & Resorts

American Airlines

Pitney Bowes

Northrop Grumman

General Dynamics

Unilever

Coca-Cola

Caterpillar Inc.

Pepsi-Cola

Anheuser Busch Inc.

Monsanto

Sun Microsystems

NC State

Ace Hardware Corporation

Blockbuster Inc.

The University of Texas

Penn State

Columbia

Yale

Northwestern

University of Illinois

University of Miami

Vanderbilt

DePaul

University of Oklahoma

Carnegie Mellon

LSU

Michigan State

Drexel University

George Washington University

University of Connecticut

NC State

University of South Carolina

Ohio State

US Senate

State of Oklahoma

City Of Austin Texas

NYC Housing Authority

US Army

Department Of Energy

Oregon State Treasury

State Of California

Dept. of the Air Force

City of Philadelphia

Federal Reserve

State Of Ohio

US Navy

FBI

IRS

Department of Veterans Affairs

Port Authority of NY & NJ

State of Minnesota

U.S. Nuclear Regulatory Commission

U.S. Treasury

DRI International Outreach

International Publication

Charitable Giving

International Glossary (New for 2012)

Create with International Committee of Volunteers

Publish in multiple languages

Invite National Standards Committees to contribute

Conferences

Reasons for Business Continuity

Impressions from Hurricane Sandy

Social Media Activity

Evacuation Response

• Fastest news source

• Scares

• Applications

• Volunteer organization

• Risk Resistance

• Hurricane Irene

“The tolerance that individuals and groups have developed over time for specific risks influences the way they assess and respond to them. Living with a risk leads individuals and communities to take it for granted and discount it, whereas unfamiliar risks are viewed with far greater concern”

• Learning from Catastrophes, Howard Kunreuther

Reasons for Business Continuity

Business continuity director: The Sept. 11 attacks, major natural disasters, the SARS outbreak, and the threat of a pandemic have made more companies take seriously the need for "preparedness planning."

Continuity planner: In the wake of 9/11, Hurricane Katrina, the 2004 Asian Tsunami, and the 2007 California wildfires, creating a business backup plan has become more crucial than ever. Continuity planners -- individuals trained to help prevent and manage emergency disaster situations -- are increasingly in demand across both government offices and private companies. "Companies learned a hard lesson after 9/11, that they have to plan for disasters not only in their own locality," says Dr. Matthew Liotine, director of the emergency management and continuity planning certificate program at the University of Illinois-Chicago.

Professionals trained in the field can find positions within both large and midsize companies as well as in government agencies, the Department of Homeland Security being one of the largest employers of continuity planners. Along with a bigger job market for continuity planners is also a bigger paycheck, says Liotine. According to a survey conducted by BC Management, a California-based firm that specializes in recruiting and placing continuity and disaster relief personnel, certified business continuity planners earn an average compensation package (including benefits and bonuses) of over $100,000 per year.

Reasons for Business Continuity

2011 – The Worst of Years

2011 – A Year of Proving Our Mettle

• DRI International Had A Record Year for Certification

• Overall Growth of 34% vs. 2010

• Domestic Growth of 20% vs. 2010

• International Growth of 74% vs. 2010

• 2012 Certification is Up vs. 2011

Reasons for Business Continuity

External Drivers

• Pressure from audit committees

• Pressure from financial institutions

• Pandemic concern

• New threats & risks since 9/11

• Demands from customers

• Increased regulatory and self-regulated requirements

Impacts

• Loss of customers or inability to attract new customers

• Loss of revenue

• Decrease in stock value

• Increase of insurance premiums

• Loss of assets and employees

• Regulatory sanctions

• Risk Management

• Identifies Threats (Facility, Environmental, Climatic, Geopolitical, Personnel, Business, Technology, etc)

• Recommends Mitigation

• Probability

• Cost of Mitigation

• BCM

• What are the Implications of failing to mitigate or prevent

• Preparation

• Structure, planning, resources, testing

• Execution

• Relocation, operating under duress

Business Continuity and Risk Management

Cause vs. Effect

Combining Disciplines

Under the banner of

Business Continuity Management

Business Continuity (Relocation)

Disaster Recovery (IT Recovery and Continuity)

Emergency Response

Crisis Management

Integrated Solution

Customer-Involved

What drives business continuity?

• Unique competitive advantage1

The Regulatory Landscape

Pre-9/11 (1991-2001)

Consumer Credit Protection Act

OMB Circular A-130

FEMA Guidance Document

Paperwork Reduction Act

ISO 27002 (Previously ISO17799)

FFIEC BCP Handbook

Computer Security Act

12 CFR Part 18

Presidential Decision Directive 67

FDA Guidance on Computerized Systems used in Clinical Trials

ANSI/NFPA Standard 1600

Turnbull Report (UK)

ANAO Best Practice Guide (Australia)

SEC Rule 17 a-4

FEMA FPC 65

CAR

JHACO

Post-9/11 (2002-Present)

Sarbanes-Oxley Safety Act of 2002

HIPAA, Final Security Rule

FFIEC BCP Handbook - 2003/2008

Fair Credit Reporting Act

NASD Rule 3510

NERC Security Guidelines

FERC Security Standards

NAIC Standard on BCP

NIST Contingency Planning Guide

FRB-OCC-SEC Guidelines for Strengthening the Resilience of US Financial System

NYSE Rule 446

California SB 1386

Australia Standards BCM Handbook

GAO Potential Terrorist Attacks Guideline

Federal and Legislative BC Requirements for IRS

Basel Capital Accord

MAS Proposed BCP Guidelines (Singapore)

NFA Compliance Rule 2-38

FSA Handbook (UK)

BCI Standard, PAS 56 (UK)

Civil Contingencies Bill (UK)

FCD-1/2

NYS Circular Letter 7

ASIS

State of NY FIRM White Paper on CP

NISCC Good Practices (Telecomm)

Australian Prudential Standard on BCM

Bank Act and the Trust and Loan Companies Act - Canada

HB221, HB292

BS25999

SS507 – SS540

TR19

CA Z1600

ISO/PAS 22399

HiTech Act of 2009

NZ 5050

ISO22301

FINRA 4370

SEC - Compliance Programs

Dodd-Frank Wall Street Reform Act

NFPA:2010-2013

DRI’s 10 Professional Practices

Title IX – 110-53

The DRI Standard

• Project Initiation and Management

• Risk Evaluation and Control

• Business Impact Analysis

• Developing Business Continuity Strategies

• Emergency Response and Operations

• Developing and Implementing Business Continuity Plans

• Awareness and Training Programs

• Maintaining and Exercising Plans

• Crisis Communications

• Coordination with External Agencies

Download the full text for free on our website: www.drii.org

DRI International is an ANSI-Accredited Standards Development Organization

The Ten Professional Practices for Business Continuity Professionals

•Critical Infocomm Technology Resource Programme (CITREP), a program of the Infocomm Development Authority, creates $30 million grant

•Objective: accelerate the development of emerging, critical and specialized ICT skills to meet Singapore's IT manpower needs.

•can apply for CITREP Expanded funding support for endorsed courses and certifications.

ISO 22301

Percentage of respondents to our survey who state that they are considering conforming to ISO 22301

Public/Private Collaboration

Convergence

Why is public/private convergence important?

• “In the US, 85% of all government resources are provided by the private sector” – Richard Reed, Special Assistant to the President for Homeland Security Policy

• Effective response requires a coordinated effort

• We must adapt an end-to-end resource model

Roles During Business Recovery

Public Sector

• Provide Secured Access to Affected Areas

• Provide Traffic Control

• Control Volunteer & Goods Contributions

Private Sector

• Initiate Recovery Activities

• Interface to Vendors & Suppliers

• Control Staff Usage

• Communications

• Restore Operations

• Notify Insurance Company

Private & Public Sectors

• Update Access Control

• Maintain Communications Status

• Communicate Command & Control Issues

• Transition to Private Sector Control

Recovery - Relocation

Toward More Integrated Public–Private Sector Response

• Communications

• Reverse 911 (voice and/or text) – Subscription

• Local Government Notification of Incidents

• Weather Alerts

• Accident Alerts

• Testing Activities

• Web Sites – Social Media

• Government Advisories

• Government Preparedness Bulletins

• Government Training Resources

Convergence

Government Outreach - US

Government Outreach - UK

Government Outreach - China

Government Outreach - UAE

Public/Private Partnership Activities

Toward More Integrated Public–Private Sector Response:

• Drills

• Natural Disasters

• Earthquakes

• Floods

• Hurricane

• Sand Storms

• Industrial

• Toxic Leaks

• Oil Explosion

Public – Private Sector Drills - Canada

EARTHQUAKE

Public – Private Sector Drills - US

EARTHQUAKE

Public – Private Sector Drills - Japan

EARTHQUAKE

Public – Private Sector Drills – Singapore/Indonesia

FLOOD

Public – Private Sector Drills – US

HURRICANE

Public – Private Sector Drills – India

INDUSTRIAL

Government Observing Private Sector:

Private Sector Initiatives

Craig Fugate says he realized the need to work with businesses when he oversaw emergency management in Florida. After hurricanes he watched retailers bring in generators and resume business faster than his own teams could provide substantial help to many residents. “We couldn’t get where we needed to go,” Fugate says. “The private sector was better at it than we were.”

Forums

Public / Private Sector Forums:

• Create Open Dialogue

• Exchange Ideas

• Understand Each Others Point of View

• Ultimate Goal: Better Preparedness – Better Response

For more information visit:

http://driconference.org/

Or email: [email protected]

Thank you and…