International Trends in Business Continuity
& Emergency Response
Presented by Director of Global Operations
Chloe Demrovsky of DRI International
For Continuity Insights
November 13, 2012
- 2 - Property of DRI International
DRI International
A Global Non-Profit Organization founded in 1988
The Industry’s Premier Education & Certification Program Body
Committed to:
- Promoting a base of common knowledge for the continuity management industry
- Certifying qualified individuals in the discipline of Business Continuity
- Promoting the credibility and professionalism of certified individuals
• DRI has Certified INDIVIDUALS in over 100 Countries
• DRI conducts training courses in over 45 countries
• Since 2009, DRI taught more students outside the US than within the US
• More individuals are certified by DRI International than all other organizations in our industry combined (Over 9,600 active individuals as of October 2011)
• Since 1988, more than 25,000 individuals have held a DRI certification
• DRI Certifies individuals in English, Spanish, French, Italian, Japanese, Mandarin and Russian
• DRI International teaches in English, French, Spanish, Portuguese, Mandarin, Japanese, Italian and Russian
DRI International – Truly International
• APEC: Only Business Continuity Certification Recognized by the Asian Pacific Economic Cooperation
• DRI Canada is a member of the Technical Committee for the CSA Z1600 Standard for Emergency Management & Business Continuity
• Japan: Signatory to Japanese Joint Aid Agreement
• Singapore: Official BCM education partner for the government-sponsored Singapore Business Federation
• Malaysia: Annual DRI conference in collaboration with the Ministry of Science, Technology and Innovation’s Cyber Security Malaysia to promote BCM
• UAE: Member of Standards Committee Advisory Team
• Europe: Presented at the Interparliamentary Center for Parliamentary Studies (Belgium) and IV BSI Conferencia de BS25999 (Spain)
• DRI International Standard cited by Financial Industry Regulatory Agency (FINRA) & NFPA1600
DRI International – Truly International
• Chaired the Alfred P. Sloan Committee that drafted the Framework for Preparedness that has been the foundation for the Title IX Implementation
• Meeting with Special Assistant to The President for Homeland Security Standards Policy
• Member of:
  • U.S. Chamber of Commerce Homeland Security Task Force
  • Council of Experts for ANSI-ANAB who will set the credentialing standard for certifying bodies for PS-Prep
  • FEMA National Advisory Council Private Sector Subcommittee
  • Advisory Committee for Congressionally funded Project for National Security Reform
  • National Preparedness Month Coalition
Government Organization Collaboration
United States
DRI International
Non-Governmental Organization Collaboration
• ASFHS – Education and Sponsorship
• CPE – Sponsorship
• ACP – Sponsorship
• CPM – Joint Sponsorship
• Safe America
• Habitat for Humanity
• Second Harvest
• The Mahila Partnership
Other Partnerships
• Member of the NFPA 1600 Technical Committee
• Member of the BS25999 – ASIS Technical Committee
• Participant RIMS (Risk Insurance Managers Society) PERK (Professional Exchange of Risk Knowledge) Program
• Cooperative Education Credit Sharing with ISACA (Information Systems Audit and Control Association)
• Cooperative Education Credit Sharing with IC2
• Audit Course Development and Training for Auditors with NFPA (National Fire Prevention Association)
Non-Government Collaboration
BCM Programs led by DRI Certified Professionals
Deloitte & Touche
Booz Allen
PricewaterhouseCoopers
Ernst & Young
KPMG
Marsh
Accenture
Navigant
Computer Sciences Corporation
IBM
Johnson Consulting
Jefferson Wells
EDS
Protiviti
SAIC
Perot
EDS
SunGard
AIG
Morgan Stanley
American Express
AG Edwards
Citigroup
Wells Fargo
Bank of America
Wachovia
Washington Mutual
JPMorgan Chase
Nationwide
Fidelity
Vanguard
Merrill Lynch
Franklin Templeton
VISA
NY Life
Pfizer
Goodyear
Genentech
Georgia Pacific
Nokia
Hitachi
Verizon
Schering-Plough
Fujitsu
AT&T
BP
Sprint
Chevron Texaco
Ericsson
Raytheon
Siemens
Starbucks Coffee Company
Nestle
Toyota
Target
Corning
ConocoPhillips
Starwood Hotels & Resorts
American Airlines
Pitney Bowes
Northrop Grumman
General Dynamics
Unilever
Coca-Cola
Caterpillar Inc.
Pepsi-Cola
Anheuser Busch Inc.
Monsanto
Sun Microsystems
NC State
Ace Hardware Corporation
Blockbuster Inc.
The University of Texas
Penn State
Columbia
Yale
Northwestern
University of Illinois
University of Miami
Vanderbilt
DePaul
University of Oklahoma
Carnegie Mellon
LSU
Michigan State
Drexel University
George Washington University
University of Connecticut
NC State
University of South Carolina
Ohio State
US Senate
State of Oklahoma
City Of Austin Texas
NYC Housing Authority
US Army
Department Of Energy
Oregon State Treasury
State Of California
Dept. of the Air Force
City of Philadelphia
Federal Reserve
State Of Ohio
US Navy
FBI
IRS
Department of Veterans Affairs
Port Authority of NY & NJ
State of Minnesota
U.S. Nuclear Regulatory Commission
U.S. Treasury
DRI International Outreach
International Publication
Charitable Giving
International Glossary (New for 2012)
Create with International Committee of Volunteers
Publish in multiple languages
Invite National Standards Committees to contribute
Conferences
Impressions from Hurricane Sandy
Social Media Activity
Evacuation Response
• Fastest news source
• Scares
• Applications
• Volunteer organization
• Risk Resistance
• Hurricane Irene
“The tolerance that individuals and groups have developed
over time for specific risks influences the way they assess and
respond to them. Living with a risk leads individuals and
communities to take it for granted and discount it, whereas
unfamiliar risks are viewed with far greater concern”
•Learning from Catastrophes, Howard Kunreuther
Reasons for Business Continuity
Business continuity director: The Sept. 11 attacks, major natural disasters, the SARS outbreak, and the threat of a pandemic have made more companies take seriously the need for "preparedness planning."

Continuity planner: In the wake of 9/11, Hurricane Katrina, the 2004 Asian Tsunami, and the 2007 California wildfires, creating a business backup plan has become more crucial than ever. Continuity planners -- individuals trained to help prevent and manage emergency disaster situations -- are increasingly in demand across both government offices and private companies. "Companies learned a hard lesson after 9/11, that they have to plan for disasters not only in their own locality," says Dr. Matthew Liotine, director of the emergency management and continuity planning certificate program at the University of Illinois-Chicago.

Professionals trained in the field can find positions within both large and midsize companies as well as in government agencies, the Department of Homeland Security being one of the largest employers of continuity planners. Along with a bigger job market for continuity planners is also a bigger paycheck, says Liotine. According to a survey conducted by BC Management, a California-based firm that specializes in recruiting and placing continuity and disaster relief personnel, certified business continuity planners earn an average compensation package (including benefits and bonuses) of over $100,000 per year.
2011 – A Year of Proving Our Mettle
• DRI International Had A Record Year for Certification
• Overall Growth of 34% vs. 2010
• Domestic Growth of 20% vs. 2010
• International Growth of 74% vs. 2010
• 2012 Certification is Up vs. 2011
Reasons for Business Continuity
External Drivers
• Pressure from audit committees
• Pressure from financial institutions
• Pandemic concern
• New threats & risks since 9/11
• Demands from customers
• Increased regulatory and self-regulated requirements
Impacts
• Loss of customers or inability to attract new customers
• Loss of revenue
• Decrease in stock value
• Increase of insurance premiums
• Loss of assets and employees
• Regulatory sanctions
• Risk Management
• Identifies Threats (Facility, Environmental, Climatic, Geopolitical, Personnel, Business, Technology, etc.)
• Recommends Mitigation
• Probability
• Cost of Mitigation
• BCM
• What are the Implications of failing to mitigate or prevent
• Preparation
• Structure, planning, resources, testing
• Execution
• Relocation, operating under duress
Business Continuity and Risk Management
Cause vs. Effect
Combining Disciplines
Under the banner of
Business Continuity Management
• Business Continuity (Relocation)
• Disaster Recovery (IT Recovery and Continuity)
• Emergency Response
• Crisis Management
Integrated Solution
What drives business continuity?
• Unique competitive advantage1
Pre-9/11 (1991-2001):
Consumer Credit Protection Act
OMB Circular A-130
FEMA Guidance Document
Paperwork Reduction Act
ISO 27002 (Previously ISO17799)
FFIEC BCP Handbook
Computer Security Act
12 CFR Part 18
Presidential Decision Directive 67
FDA Guidance on Computerized Systems used in Clinical Trials
ANSI/NFPA Standard 1600
Turnbull Report (UK)
ANAO Best Practice Guide (Australia)
SEC Rule 17 a-4
FEMA FPC 65
CAR
JHACO
Post-9/11 (2002-Present):
Sarbanes-Oxley Safety Act of 2002
HIPAA, Final Security Rule
FFIEC BCP Handbook - 2003/2008
Fair Credit Reporting Act
NASD Rule 3510
NERC Security Guidelines
FERC Security Standards
NAIC Standard on BCP
NIST Contingency Planning Guide
FRB-OCC-SEC Guidelines for Strengthening the Resilience of US Financial System
NYSE Rule 446
California SB 1386
Australia Standards BCM Handbook
GAO Potential Terrorist Attacks Guideline
Federal and Legislative BC Requirements for IRS
Basel Capital Accord
MAS Proposed BCP Guidelines (Singapore)
NFA Compliance Rule 2-38
FSA Handbook (UK)
BCI Standard, PAS 56 (UK)
Civil Contingencies Bill (UK)
FCD-1/2
NYS Circular Letter 7
ASIS
State of NY FIRM White Paper on CP
NISCC Good Practices (Telecomm)
Australian Prudential Standard on BCM
Bank Act and the Trust and Loan Companies Act - Canada
HB221, HB292
BS25999
SS507 – SS540
TR19
CA Z1600
ISO/PAS 22399
HiTech Act of 2009
NZ 5050
ISO22301
FINRA 4370
SEC - Compliance Programs
Dodd-Frank Wall Street Reform Act
NFPA:2010-2013
DRI’s 10 Professional Practices
Title IX – 110-53
The DRI Standard
• Project Initiation and Management
• Risk Evaluation and Control
• Business Impact Analysis
• Developing Business Continuity Strategies
• Emergency Response and Operations
• Developing and Implementing Business Continuity Plans
• Awareness and Training Programs
• Maintaining and Exercising Plans
• Crisis Communications
• Coordination with External Agencies
Download the full text for free on our website: www.drii.org
DRI International is an ANSI-Accredited Standards Development Organization
The Ten Professional Practices for Business Continuity Professionals
•Critical Infocomm Technology Resource Programme (CITREP), a program of the Infocomm Development Authority, creates $30 million grant
•Objective: accelerate the development of emerging, critical and specialized ICT skills to meet Singapore's IT manpower needs.
•can apply for CITREP Expanded funding support for endorsed courses and certifications.
ISO 22301
Percentage of respondents to our survey who state that
they are considering conforming to ISO 22301
Convergence
Why is public/private convergence important?
• “In the US, 85% of all government resources are provided by the private sector” – Richard Reed, Special Assistant to the President for Homeland Security Policy
•Effective response requires a coordinated effort
•We must adapt an end-to-end resource model
Roles During Business Recovery
Public Sector
• Provide Secured Access to Affected Areas
• Provide Traffic Control
• Control Volunteer & Goods Contributions
Private Sector
• Initiate Recovery Activities
• Interface to Vendors & Suppliers
• Control Staff Usage
• Communications
• Restore Operations
• Notify Insurance Company
Private & Public Sectors
• Update Access Control
• Maintain Communications Status
• Communicate Command & Control Issues
• Transition to Private Sector Control
Recovery - Relocation
Toward More Integrated Public–Private Sector Response
• Communications
• Reverse 911 (voice and/or text) – Subscription
• Local Government Notification of Incidents
• Weather Alerts
• Accident Alerts
• Testing Activities
• Web Sites – Social Media
• Government Advisories
• Government Preparedness Bulletins
• Government Training Resources
Convergence
Public/Private Partnership Activities
Toward More Integrated Public–Private Sector Response:
• Drills
• Natural Disasters
• Earthquakes
• Floods
• Hurricane
• Sand Storms
• Industrial
• Toxic Leaks
• Oil Explosion
Public – Private Sector Drills - Canada
EARTHQUAKE
Public – Private Sector Drills - Japan
EARTHQUAKE
Public – Private Sector Drills – Singapore/Indonesia
FLOOD
Public – Private Sector Drills – India
INDUSTRIAL
Government Observing Private Sector:
Private Sector Initiatives
Craig Fugate says he realized the need to work with businesses when he oversaw emergency management in Florida. After hurricanes he watched retailers bring in generators and resume business faster than his own teams could provide substantial help to many residents. “We couldn’t get where we needed to go,” Fugate says. “The private sector was better at it than we were.”
Forums
Public / Private Sector Forums:
• Create Open Dialogue
• Exchange Ideas
• Understand Each Other's Point of View
• Ultimate Goal: Better Preparedness – Better Response