business continuity - wespay · 2018-09-18 · business continuity management includes three key...
Post on 26-Jul-2020
THE PAYMENTS INSTITUTE — July 22-25, 2018
Emory Conference Center Hotel, Emory University, Atlanta, Georgia
Nell Campbell-Drake, VP
Retail Payments Office
Federal Reserve Bank of Atlanta
Business Continuity: Are You in Shape to Handle that Unexpected Event?
2017 Natural Disasters
• California Wild Fires
• Mexico Earthquakes
• U.S. Hurricanes
• Metro City Flooding
2017 Infrastructure Disasters
• Metro Atlanta Highway Collapse
2017 Data Breaches
• Malware found on servers that processed payments made at onsite restaurants and bars
• Weak point in website software that exposed sensitive data of over 143M consumers (i.e. social security numbers, driver's license numbers)
• Exposed customer information in plain text on website (i.e. email addresses, phone numbers, IP addresses)
• Phishing scam seeking to gain access to accounts through a third party app
• IRS data retrieval tool hacked impacting approximately 100K taxpayers with personal information potentially stolen
© 2018 - Materials are not to be used without consent. 7
When an unexpected situation occurs, what position do you want to be in?
• Make something happen
• Wait for something to happen
• Wonder what happened
Content
• Business Continuity Management Process
• Components of Business Continuity Plan
• Getting Started
• Readiness Process
• Risk Assessment Process
• Key Indicators
• Social Media
Business continuity management includes three key layers and a crisis communication process.
Business Resumption Planning: The process initiated to resume business operations to a level consistent with the business requirements.
IT Disaster Recovery Planning: The recovery of information technology processes, systems, applications, databases, and network assets used to support critical business processes.
Crisis Management: A series of actions taken to gain control of the event quickly to minimize the effects of an interruption and prepare for recovery.
Components of a Business Continuity Plan
So, what’s included in a business continuity plan?
Overall Program
• Business Impact Assessment
• Threat and Risk Assessment
• Documentation Update Schedule
• Test/Training
• Follow-up/Action Items
Business Resumption
• Business Resumption Plans
• Contact Lists
• Mock Exercises
• Alternate Site Contacts
• Technology
IT Disaster Recovery
• IT Recovery Plans
• Contact Lists
• Disaster Recovery Strategy
• Disaster Recovery Test Scripts
Crisis Management
• Crisis Management Team
• Crisis Management Plan
• Contact Lists
• Mock Exercises
A few supreme basics in a business continuity plan
• Succession plan for senior executives
• Location of evacuation plans
• Alternate means of communication
• Partnerships with local emergency response teams
• List of critical equipment, vital records and back-up data location(s)
• List of vendors/suppliers, along with emergency contact information
Getting a Business Continuity Plan Started
How to get started in creating a business continuity plan
• Business Impact Analysis: Identifies the organization’s most crucial systems and processes and the effect a service disruption will have on the business
• Mission Statement: Defines the organization’s focus in handling key business matters during disruptions from man-made to natural disasters
Business Impact Analysis
THREE key steps in completing a Business Impact Analysis
Step 1 Identify the business activities of your organization
Step 2 For each activity, assess what the realistic timeframe is before there would be an impact if the activity could not be performed
Step 3 For each activity, assess what the realistic impact is against prescribed factors if that activity could not be performed
Mission Statement
FOUR questions to help in creating a great Mission Statement
1. What do we do?
2. How do we do it?
3. Whom do we do it for?
4. What value are we bringing?
Readiness and In Action
The Four “P’s” in a Pod to readiness
Planning
• Coordinator
• Impact Analysis
• Impact Needs
• File Back-Up
• Trigger Points
People
• Communication
• Employee Welfare
• Education
Partnerships
• Business Partner
• Community Partner
Practice
• Test, Test, Test
Readiness points for “Back in Action”
Planning
• Network Recovery Timeline
• Equipment
• Alternate Location
• Emergency Center
• Work Area
• Mobile Site
• Recovery Time
• Recovery Point
A Look into the Risk Assessment Process in Creating a Business Continuity Plan
Risk Factors
Potential Enterprise Risk Factors:
• Operational risk
• Revenue risk
• Systemic risk
• Technical risk
• Reputational risk
• Goodwill risk
• Personal safety risk
Risk Factors
External factors that can potentially create “Enterprise Risks”:
• Natural disasters
• Failure of business partners
• Vendor/supplier debacles
• Public utility challenges
• Transportation problems
• Telecommunication challenges
Key Indicators and Their Importance in the Planning Process
KPI versus KRI
Performance and Risk indicators are key components of business continuity management processes to aid in establishing specific metrics for analyzing a credible business continuity/disaster recovery plan.
• Key Performance Indicators (KPI) – measure how well something is being done
• Key Risk Indicators (KRI) – measure possibility of future adverse impacts
Key Risk Indicator - KRI
Components of the KRI process
Categories of Risks
Disruptors
Technology
Demographics
Regulatory
Operational
Strategic
• Demand shortfalls
• Competition
• Management change
• Regulation
Operational
• IT issues
• Supply-chain issues
• Employee fraud
• Non-compliance
External
• Weather issues
• Partnership issues
• Legal matters
• Industry crises
Financial
• Asset losses
• Liquidity crises
• High interest rates
• Improper forecasting
Is there really a need to test the plan?
Objectives for testing the plan –
1. Familiarize staff with content of the plan
2. Evaluate the clarity of the plan
3. Ensure details of the plan are accurate
4. Identify any vulnerabilities
5. Ensure external stakeholders are familiar with components of the plan
6. Ensure resources stored off-site are accurate and sufficient
7. PRACTICE MAKES PERFECT!
People
Process
Technology
Social Media Component
Role of social media in business continuity
• Social Media Uses
– Marketing and advertising
– Customer support
– Press communications
– Employee communications
– Information gathering
• What to include
– Goals for social media
– Social media recovery guidelines
– Success measurements
Key points for engagement in social media
• Identify community/platforms of interest
• Listen to the conversation
• Identify influencers, ambassadors and advocates
• Identify adversaries and critics
• Look for cycles, patterns and keywords
Wrap-Up: Lifecycle
Here’s a LIFECYCLE to remember!
• Know Your Business: Assessment
• Develop Your Plan: Planning
• Implement Your Plan: Execution
• Maintain Your Plan: Practice
So, get ready to stay ready!
Make, Wait or Wonder – it’s your call!