business continuity management - core services


Upload: coreresilience

Post on 16-Jul-2015


Page 1: Business Continuity Management - CORE Services

CORE Integrated Management Systems

Copyright Continuity and Resilience (CORE) 2014 V 1.0

Are you Prepared and Ready to Respond?

Capability Briefing

Page 2: Business Continuity Management - CORE Services

Who We Are?

• We are a firm that specializes in the Business Continuity and IT Disaster Recovery domains, offering Consulting, Assessments and Training services and software solutions for organizations in both the public and private sectors. We too are an ISO 22301:2012 certified firm.

• Our work is based on global standards / frameworks, but suitably engineered to meet the unique business needs of each client by adopting the relevant best practices, making it more practical.

• Our consultants are highly experienced and come from different industry / business backgrounds, enabling us to deliver high quality results and value to our customers.

• We partner with industry-leading BCM tools like eBRP, SunGard, Inoni, etc., that allow the customer to manage and maintain the BCM effectively with reasonable assurance.

• BCI Licensed Training Partner for India and Middle-East Regions.

Page 3: Business Continuity Management - CORE Services

Differentiators


Page 4: Business Continuity Management - CORE Services

About CORE

• Continuity and Resilience (CORE) operates across a range of professional specializations in Consultancy & Training covering:

  • Crisis Management
  • Crisis Communications
  • Business Continuity
  • Disaster Recovery
  • Sustainability
  • Information Security
  • IT Service Management
  • Project Management
  • Quality

• We also assist organizations to implement and conform to corporate standards in these domains, such as ISO 22301, ISO 27001, ISO 9001, ISO 14001, etc. We have partnered with the Business Continuity Institute (BCI) – UK for offering BCM Certification and with the British Computer Society (BCS) – UK for offering the Green IT Certification.

• Our consultants and trainers have conducted a number of assignments for organizations based in India, the USA, Canada, UK, Europe, Africa and the Middle East. We have vast experience and expertise in consulting and training for a wide range of industry sectors like Financial Services, Telecom, Manufacturing, Airlines, Trading, Oil and Gas, Government Departments, FMCG, Nuclear, etc.

• We strongly believe that there is no other company in the region that can demonstrate a strong track record in all these activities at the highest level of expertise. Importantly, CORE is also ISO 22301 certified, making CORE possibly the only BCM service provider in the region which has demonstrated its competence by getting certified in ISO 22301, not to mention its track record of helping its customers attain ISO 22301 / BS 25999 certification.

• Given our collective experience of 100+ man-years, we have attained intimate knowledge and specialization across various industries, geographies and cultures.

Page 5: Business Continuity Management - CORE Services

About CORE…… (contd.)


Page 6: Business Continuity Management - CORE Services

Our Leaders & CORE Team

• Dhiraj Lal

• Naseeruddin Mehdi

• Daman Dev Sood

• S Seshadri

• Andrew Hiles

• Kush Srivastav

• Y Parthasarathy

• Hatim Bilal

• Vinod Kumar Nair

Page 7: Business Continuity Management - CORE Services

Dhiraj Lal

FBCS, MBCI, BS25999 / ISO 22301 Lead Auditor and Technical Expert, CBCP, BCCE, CISA, ITIL

Dhiraj Lal is Executive Director and Principal Consultant of Continuity and Resilience (CORE). He is Asia’s first BSI appointed Technical Expert for BS25999 / ISO 22301, and is also a BS25999 / ISO 22301 assessor. He teaches the advanced level certification workshops in BCM and BS25999 / ISO 22301, and also consults on the implementation of BCM and BS25999 / ISO 22301. He has also been invited by the British Standards Institute to participate in the audits of 2 of the first 10 organizations in the world to be awarded the BS25999 certification. He was recently invited to present at the 2nd Middle East Crisis and Disaster Management Conference in Abu Dhabi, where he also ran a tabletop exercise on Crisis Management (Fire and Bomb scenario).

• Mr. Lal has worked previously for Agilent Technologies Limited, an organization promoted by HP. He was also earlier the Senior Vice President and Practice Head for IT Service Excellence and Business Continuity / Disaster Recovery with a reputed Consulting organization.

• Mr. Lal worked as the Director for Business Continuity Planning and Global Process Integrity at the American Express Financial Centre, one of the first organizations to offer Back Office Processing services for its US Operations. It was while Mr. Lal headed the function that American Express was awarded the ISO 9001 certification for its Business Continuity program.

• Mr. Lal spent 10 years with Citibank NA (where he was last Regional Head of Audit and Risk Review), and 5 years with Standard Chartered Bank in the Middle East.

Qualifications and Professional Affiliations

• Post Graduate in Management; holds a Bachelor's degree in Chemical Engineering.

• Other than his certifications as a Certified Business Continuity Professional (CBCP), Business Continuity Certified Expert (BCCE) and Certified Information Systems Auditor (CISA), he also holds certifications in ITIL and Six Sigma. He has also instructed for the Disaster Recovery Institute in Asia and has regularly presented on Business Continuity and Disaster Recovery at conferences, both in India and overseas.

• He is a contributing author to “The Definitive Handbook of Business Continuity Planning”, which is one of the most respected encyclopaedias on BCM.

Page 8: Business Continuity Management - CORE Services

Mehdi Naseeruddin

CEO

Master of Science, CS, Pace University, NY, USA

CBCI, CRISC

BCM, ERM, IA, PM, ITA

Mehdi Naseeruddin is a seasoned professional with over 14 years of Risk Management experience. He was the leader for Deloitte Bahrain's Enterprise Risk services (Cyber Security, Identity & Access Management, Privacy & Data Protection, Security Management & Transformation and Security Operations) and regional leader for Business Continuity Management & Resiliency services, and provided solutions for clients specializing in the Financial Services Industry, Oil & Gas, Healthcare, Telecommunications and Media and Manufacturing industries across different geographic locations (United States, Australia and the Middle-East).

Mehdi also led the Project Risk Services practice for Deloitte Middle East, wherein he was in charge of conducting project risk assessments for varied industry clients, including Capital Projects, major IT implementations, etc.

• Executed end-to-end Enterprise Risk Management (ISO 31000) and Business Continuity Management framework (ISO 22301) implementations across different industries such as Telecommunications, Financial Services, Manufacturing, Healthcare and Pharmaceutical, Oil & Gas, Media, Aviation, Nuclear, Central Banking, Retail Banking, Investment Banking, Public Sector, Mining and Minerals.

• He had been closely associated with some of the renowned names in the ME region, Emirates Nuclear Energy Corporation-UAE, Telstra-Australia, Optus-Australia, Zain-Bahrain, Central Bank of Kuwait-Kuwait, Ma'aden-KSA, Sabic-KSA, Liberty Mutual-USA, Jones Apparel Group-USA, NCBC-KSA, Bank of Bendigo-Australia, National Australia Bank-Australia, ANZ-Australia, Mubadala-UAE, Aramex-UAE, Ma'aden Phosphate Company-KSA.

• His specialties are Enterprise Risk Management (ISO 31000), Business Continuity Management (ISO 22301 & BS25999), Disaster Recovery Planning, IT Audit Control Assurance, IT / IA Risk Assessment, Project Risk Management, Internal Audit (FSI, Aviation Industry), Integrated Management Systems (PAS99, ISO 2000, 27001, 14001, BS 25999), Data Security and Privacy, Regulatory Compliance (PCI DSS, IT SOX, FFIEC, HIPAA, ADSIC).

Page 9: Business Continuity Management - CORE Services

Daman Dev Sood

FBCS, MBCI, SMIEEE, MAIMA, ISO 22301 LA & Expert

IEEE Ambassador

Author: Green IT Maturity Model

CIO & Head - Sustainability Practice

As BCI’s Merit Award (Global) Winner 2012, Business Continuity Manager of the Year in BCI’s C&R Awards India 2009, Finalist in Parivartan Sustainability Leadership Awards 2014, and with over 29 years’ experience in the Industry, Daman is currently the CIO and Head – Sustainability Practice at Continuity and Resilience. He has earlier worked with Steria as Head Business Continuity Management (UK, India) & Head Green Activities (India). Initially he worked with TCS for over 20 years in various roles and positions. He has rich experience in Environmental Sustainability, Business Continuity Management, Business Excellence and Consulting (BCM, Green IT, Quality / Process / Malcolm Baldrige). He is a Technical Expert & Lead Auditor for BS 25999 (Business Continuity Management System). He is also an Energy Management Expert (ISO 50001). Daman is an Accredited Tutor for the BCS “Foundation Certificate in Green IT” course. Daman is an ISO 22301 Lead Auditor and Expert.

• Daman is an IEEE Ambassador, Fellow of the BCS (British Computer Society), Member of the BCI (Business Continuity Institute), Senior Member of IEEE (Institute of Electrical and Electronics Engineers) and Chair, Computer Society Chapter of IEEE Delhi Section.

• He is a member of AIMA (All India Management Association) and a Member of DMA (Delhi Management Association). He is a Life Member of the CSI (Computer Society of India).

• Daman has traveled to or worked in Scotland, England, Netherlands, France, Zambia, USA, Indonesia, Spain, Egypt, UAE, Oman, Iran, Mauritius, Sri Lanka, Qatar, Saudi Arabia and Singapore. He possesses an excellent mix of experience as a practitioner, trainer and consultant.

• He has delivered over 400 talks / workshops in national and international events. Daman is also a motivational speaker and has conducted over 30 sessions of the Possibility Thinking workshop in TCS, Xansa, Cambridge School, Institute of Vocational Training, Udayan Care NGO, and Arya Kanya Sadan, where over 1000 people have benefited and have provided excellent feedback. He has been on the panel at various TV shows / conferences / seminars around Green / BCM.

• Daman is currently a member of the ASSOCHAM National Council on Climate Change and the ASSOCHAM National Council on Environment & Safety. He has experience of working with CII (Confederation of Indian Industry) for over three years as the Convener of the CSR Taskpanel working on Communities and Disasters.

• Daman has experience of convening / coordinating / advising national / international conferences / workshops.

Page 10: Business Continuity Management - CORE Services

S. Seshadri

FBCS, MBCI, CBCP, M.Sc., CAIIB

LA – ISO 22301 / ISO 27001 / ISO 20000 / ISO 9001

Head, IT DR & Service Management

Mr. S. Seshadri has work experience that spans about 39 years, in the domains of BCM, IT and Banking & Financial Services. He was one of the pioneers in the IT Division of Canara Bank from 1984 till 1994 (post his career in banking for about 10 years from 1975), heading their Main Frame Operations and Data Center. He worked for 3 years with Bank Muscat as IT Head of the Bank’s Indian Operations. He has the unique advantage of having extensive exposure to the financial industry and the IT / ITSCM / BCM domains, and also the technical details.

Mr. Seshadri has been engaged in full-time consulting and training for over 12 years now, and has delivered in India and overseas a number of assignments and large implementations for organizations of size 50,000 employees and above. He has in-depth knowledge of:

• Business Continuity and IT Disaster Recovery; he has assisted organizations to implement BCM / IT DR, and has also conducted Gap Assessments relating to the BS25999 / ISO 22301 framework.

• Project managed / delivered at least 8 full lifecycle BCM projects in BS 25999 / ISO 22301, in India and the Middle East. He has helped our clients achieve ISO 22301 Certification.

• BCI, UK approved Instructor for their GPG 2013 5 day workshop leading to CBCI / MBCI certification for individuals.

• Developed our 3-day IT Disaster Recovery workshop and has successfully delivered over 20 workshops in India and the Middle East. He has delivered IT DR consulting to our clients, helping them build a resilient IT.

• Participated in several BCM conferences and spoken on various emerging aspects of BCM and IT Disaster Recovery. He has worked on enterprise projects relating to IT Service Management (ISO 20000) and Information Security (ISO 27001). Apart from participating in the delivery of complex projects, he has assisted quite a few companies in re-positioning their products and services, as part of his Management Consulting.

Qualifications and Professional Affiliations

• Post graduate in Mathematics from St. Joseph’s College, Trichy (erstwhile Madras University).

• Certified Associate of Indian Institute of Bankers.

• Formally trained in ITIL Foundation.

• BCM / IT certifications

Page 11: Business Continuity Management - CORE Services

Kush Srivastava

BCCS, AMBCI, ISO 22301 Lead Auditor

Kush has been in the BCM domain for over 10 years, starting off with Operations, and then finally adopting BCM as a full-time consulting career. He has been involved in Business Continuity and Disaster Recovery implementation, assessment of the resiliency of the organization's business continuity framework, establishment of end-to-end Business Continuity frameworks at organization level across industries & verticals, training of Crisis Management teams, risk advisory services, optimizing the BC Operations model, training & awareness workshops in concepts of effective business continuity planning for Insurance companies, its implementation & risk assessment / mitigation. He has specialized in customizing Business Continuity solutions for optimal utilization of technology, human & other critical resources. He has extensive experience of identifying critical parts of Operations, verifying & validating documentation, process flowcharts (Swim-lane format) and critical systems for BCP (mapping IT / Technology listing with Functional / Operational listing). The clientele comprises leading Commercial Banks, Micro Credit institutions, Insurance Companies, auto manufacturers, etc.

Kush has extensive expertise in continuous process improvement, Operations Reengineering, developing & motivating teams, managing multi-tasking, Business Process Mapping, and managing challenges on account of Change Management.

• For one of his employers he was recognized from among 33,000+ global employees for focused accomplishments for client & employee retention, with an Award that recognizes the Top 100 talent of Enterprise headcount.

• He has the distinction of being selected in “Top 6 Business Continuity Managers in India” across Industries at the 1st Business Continuity & Resilience Awards 2009, instituted by Business Continuity Institute, UK.

• He has been awarded “Exceptional Performance Award” for 1993, 1994 & 1995 as a banking professional.

Qualifications and Professional Affiliations

• The Associate Business Continuity Professional (ABCP) certification from DRI International US.

• The Business Continuity Certified Professional (BCCP) from BCMI Singapore, and is also an Affiliate Member of the BCI as well as an ISO 22301 Lead Auditor.

• Certifications in International Finance and Corporate & Management Laws.

• Commerce Graduate and did his Post Graduation with specialization in Finance.

• Formally trained in ITIL Foundation. He has a high exposure to and good understanding of the Middle East,

Page 12: Business Continuity Management - CORE Services

CORE’s Services Areas

• Consulting

• Audits & Maturity Assessments

• Trainings & Exercises

Page 13: Business Continuity Management - CORE Services

We advise, facilitate, assess and train on:

Business Continuity

• Reducing the likelihood of occurrence and minimizing downtime by implementing the right recovery & continuity strategies to respond to and recover the key activities of the business following a catastrophic event affecting the business and its assets as well as its suppliers.

IT Disaster Recovery

• Reducing the likelihood of downtime and implementing strategies to recover business critical activities following the onset of a disaster that affects the technical / technological infrastructure of an organization and its suppliers.

Crisis Management

• Reducing uncertainty in the event of a crisis by identifying the potential threats to an organization and its stakeholders, defining methods to deal with them and enabling decisions to be made within a short timeframe.

Page 14: Business Continuity Management - CORE Services

Consulting - Advisory & Implementation


Page 15: Business Continuity Management - CORE Services

CORE’s Resiliency Services Areas

Our Consulting Services

RECOVERY, CONTINUITY, RESILIENCE

• Governance: Operating Model; Regulations & Standards; Policies & Procedures; Auditing & Compliance; Continuous Improvement

• Business Alignment: Current State Assessment; Industry Benchmarking; Risk Assessment; Business Impact Analysis

• Strategies & Plans: Crisis Management; Emergency / Incident Response; Business Continuity; Asset Recovery (Buildings, Equipment, Technology, Human Resources, 3rd Parties)

• Implementation: Business Continuity & Emergency Management Tools; Enterprise Application Recovery; Technology Infrastructure Resilience; Data Backup & Recovery; Work Area Recovery

• People & Process: Training & Awareness; Testing & Exercising; Change Management; Co-Sourcing; Metrics & Reporting

Page 16: Business Continuity Management - CORE Services

Governance

Activity: Operating Model
Description: Create a governance structure and framework in a systematic manner, in tune with the organization’s hierarchical structure, for effective management and maintenance of the BCM Program, using Project Management best practices.
Benefit: Helps an organization to build and sustain on their current BCM capabilities as well as align the BCM goals with their business goals with a long-term.

Activity: Regulations & Standards
Description: Prepare a list of all applicable laws and regulations and the compliance requirements arising from those laws, and review the contractual obligations and compliance mandates, to understand the mandatory needs of the business in terms of compliance.
Benefit: Helps the business to clearly know the expected compliance requirements and obligations as well as to adhere to contractual mandatory norms.

Activity: Policies & Procedures
Description: Policies provide high-level directives for an organization and its employees on the expectations against set norms. Procedures help develop a systematic approach to handle and respond to situations in a structured manner.
Benefit: Assures the required level of Leadership buy-in and support to set the context and tone from the top, for alignment and adherence.

Activity: Auditing & Compliance
Description: Evaluate the effectiveness of the management system, with reasonable assurance that the requirements conform to the base standard, regulations, policies and procedures and the directives of stakeholders.
Benefit: Supports identifying the gaps and measures to validate the effectiveness and efficiency of the management system.

Activity: Continuous Improvement
Description: Provides assurance on the sustenance of the management system by addressing the identified gaps, opportunities for improvement and non-conformances, following a systematic methodology like PDCA.
Benefit: Drives the management system towards maturity, for better alignment with the business objectives and long-term sustainability.


Page 17: Business Continuity Management - CORE Services

Business Alignment

Activity: Current State Assessment
Description: Conduct an “As Is Where Is” evaluation of the existing system / process in place, to validate its conformity against the best practice or standard selected as the baseline.
Benefit: Alignment with an industry specific or global best practice standard, providing reasonable assurance on the effectiveness of the system.

Activity: Industry Benchmarking
Description: Perform a GAP and Maturity assessment to validate the conformance of the said management system against pre-defined benchmarking levels, specific to the industry the organization is in.
Benefit: Helps an organization to align and comply with the industry specific benchmarking (best practices), for better overall alignment from the operations point of view.

Activity: Business Impact Analysis (BIA)
Description: Examines the likely tangible and intangible impacts on the business by conducting a thorough, detailed analysis of each function / department of the business and the processes and activities within it, evaluating the impact of each being non-operational over different time periods and assessing that impact on the organization in order to prioritize recovery.
Benefit: Assists an organization to focus on the high-impacting activities / processes and prioritize the recovery preparations within the pre-defined timelines by proper allocation of resources, minimizing the impact on business.

Activity: Risk Assessment (RA)
Description: Identify the potential threats and the ways they could exploit weaknesses existing within the prioritized activities (outcome of BIA), and deploy additional controls / measures to reduce the likelihood of occurrence and/or minimize the impact during a disruptive situation.
Benefit: Supports the organization in preparing in advance for likely threats and practising the response and recovery mechanisms for better sustenance, following a risk-based approach to business.


Page 18: Business Continuity Management - CORE Services

Strategies and Plans

Activity: Crisis Management
Description: Crisis Management and Emergency Response Plans are the overarching crisis / incident management plans and are designed to achieve effective co-ordination of the organization’s resources to large scale and unusual events to protect life, property and reputation (e.g., through effective internal and external communications, and co-ordination with the local and international regulators) during and immediately following any crisis affecting the organization.
Benefit: Assists the organization in defining roles and responsibilities of the individuals who will be instrumental in responding and making decisions at the time of a crisis. Furthermore, Crisis Communication plans help identify internal and external stakeholders and document the communication protocols between all related parties.

Activity: Business Continuity
Description: Business Continuity Procedures define the actions and resources necessary to achieve the objectives of the organization’s recovery strategy. The procedures will provide guidance through clearly documented, defined, action-oriented tasks. These will address what needs to be carried out during a crisis in order to minimize decision points at the time.
Benefit: BC Procedures contain actionable tasks with clear beginnings and end points to report to operation center executives for managing recovery-effort progress, including identifying tasks to be undertaken, teams to complete them, team assignments and identifying the key contacts, suppliers and resources necessary to support the recovery.

Activity: Asset Recovery
Description: Recovery strategies are developed based on our Asset recovery strategy development model. We collaborate with the organization to customize the asset recovery model, containing an appropriate set of circumstances for which business continuity management strategies should be developed for your organization.
Benefit: This model eliminates creating an unmanageable single plan and helps avoid an enormous number of event specific plans, by focusing your strategies and plans on the five key asset classes an organization must protect and recover for continued sustainability of any given process. These are Workplace, Equipment, Technology, People and Third Party service providers.


Page 19: Business Continuity Management - CORE Services

People & Process

Activity: Training & Awareness
Description: To provide an awareness and training strategy within the BCM framework, helping the BCM program implementation team members facilitate awareness and training by defining their roles and responsibilities within the implementation process.
Benefit: Successful BCM program implementation occurs when everyone involved in the process is aware and equipped to fulfill his or her BCM responsibilities. These stakeholders succeed through a well-planned set of activities targeted appropriately to them.

Activity: Testing & Exercising
Description: To provide guidance in delivering and supporting test program initiatives, introducing business process work-area recovery testing, emergency communications testing and desktop walk-through testing.
Benefit: Successful BCM program implementation occurs when everyone involved in the process is aware and equipped to fulfill his or her BCM responsibilities. These stakeholders succeed through a well-planned set of activities targeted appropriately to them.

Activity: Co-sourcing
Description: At times, running a full-fledged BCM program becomes cumbersome and time consuming for organizations that are strapped for resources but are prudent enough to understand the value BCM provides towards sustaining their business in the aftermath of a crisis. In these circumstances, organizations can benefit from co-sourcing the BCM function to CORE. CORE can help in the development and implementation of a robust End-to-End BCM framework.
Benefit: Dedicated team of experienced BCM resources embedded within the organization to ensure end-to-end BCM implementation. There will be ongoing knowledge transfer and CORE can assist in building an internal team to assume full responsibilities of the BCM program on an ongoing basis.

Activity: Change Management
Description: To help ensure the continued viability of the recovery and restoration plans that are developed as part of this project, plan administration guidelines will be developed and documented.
Benefit: These guidelines will address the ongoing maintenance and testing required to support the Business Continuity Program.


Page 20: Business Continuity Management - CORE Services

Implementation Approach & Methodology


Page 21: Business Continuity Management - CORE Services

BCMS Requirements (Leading Practice)

[Figure: Continual improvement of Business Continuity Management System (BCMS). Labels: Interested Parties, Requirements for Business Continuity; Interested Parties, Managed Business Continuity. Source: ISO 22301:2012]

Page 22: Business Continuity Management - CORE Services

Audits and Maturity Assessments


Page 23: Business Continuity Management - CORE Services

Audits as a Service, CORE conducts:

First Party Audits

• Support the client by acting as an extended arm of their Internal Audit function, performing audits in a Self-Assessment / Evaluation mode to evaluate the overall effectiveness of the management system and providing a detailed report on the gaps pertaining to non-conformance and improvements.

Second Party Audits

• Conduct audits on behalf of our clients on their vendors / suppliers, as an extension of their Internal Audit Team, to evaluate and validate that the vendor's / supplier's business conforms to the expectations set by the client, as per the contractual obligations, and complies with the legal and regulatory norms.

Third Party Audits

• Partner with Certification Bodies as “Empanelled Auditors” and conduct audits on their clients in line with the certification body’s internal processes and with global audit standards like ISO 19011, ISO 17021, etc.

Page 24: Business Continuity Management - CORE Services

Assessments as a Service, CORE conducts:

GAP Assessments

• Perform an AS-IS basis review and evaluate it against the chosen standard and/or best practice and/or benchmark framework to identify the gaps and opportunities for improvement in the management system being assessed.

Maturity Assessments

• Conduct the assessment based on a specific benchmark / global standard / regulatory requirement / best practice and assess its maturity based on pre-defined parameters, to validate the overall performance and maturity of the current management system.

Benchmarking Surveys

• Conduct surveys specific to the requirements, based on pre-defined global parameters of relevance to the management system being assessed and using various approaches, analyze the data points and evaluate its maturity in conformance with the benchmark.

Page 25: Business Continuity Management - CORE Services

Trainings & Exercises


Page 26: Business Continuity Management - CORE Services

Trainings

Public Programs

• Global Certifications like BCI, IRCA, PECB, APMG etc.,

• CORE Certifications

In-house Workshops

• Global Certifications like BCI, IRCA, PECB, APMG etc.,

• CORE Certifications

Tailor-made

• Customized to clients

• Specialized coverage

• Awareness Education

• Simulated Exercises


Page 27: Business Continuity Management - CORE Services

List of Trainings

No. of days | Workshop Title | No. of days | Workshop Title
1 | Certified Business Continuity Professional | 3 | Certified IT Disaster Recovery Specialist
1 | Certified Environmental Sustainability Professional | 1 | Certified Risk Management Best Practices Workshop for PSUs
3 | Certified ISO 22301 Lead Implementer Transition | 1 | Certified Risk Management Professional Workshop
1 | Certified ISO 22301 Professional | 1 | Certified Social Media Crisis Management Professional
2 | Transition Course from ISO/IEC 27001:2005 to ISO/IEC 27001:2013 | 3 | COBIT®5 Foundation with Case Study
5 | 5 Day Lead Auditor Course on ISMS ISO 27001:2013 | 2 | Enterprise Risk Management Workshop
2 | BCI BCMS Audit Workshop* | 1 | Fundamentals of UAE BCM STANDARDS (NCEMA 7000:2012)
3 | BCI Certification Workshop Based on the Good Practice Guidelines (GPG) | HALF DAY* | Crisis and Disaster Management Simulation Exercise for top Management
*5 | BCI Certification Workshop Based on the Good Practice Guidelines (GPG) | 5 | ISO 22301 Lead Auditor Workshop
3 | BCI’s BCM Audit Workshop | 3 | ISO 22301 Lead Auditor Workshop (Accelerated)
1 | BCM Fundamentals for Arabic Speakers | 5 | ISO 22301 Lead Auditor Workshop (ANSI Accredited)
3 | BCS Foundation Certificate in Business Analysis | 5 | ISO 22301 Lead Auditor Workshop (IRCA Accredited)
3 | BCS Foundation Certification Workshop in Green IT | 3 | ISO 22301 Lead Implementer (Accelerated)*
5 weeks* | Blended BCI Certification W/S Based on the Good Practice Guidelines (GPG) – 4 Weeks self learning and 2 days classroom session | 1 | ISO 27001 Lead Auditor
1 | Certified BIA professional | 2 | ISO 31000 Risk Management Workshop
3 | Certified Crisis Management Specialist Workshop (PAS 200:2011) | 2 | ISO22301 Internal Auditor Workshop*
1 | Certified Data Privacy Professional | 1 | ITIL® Foundation with Case Study
1 | Certified Energy Management Professional | 1 | Migration to ISO 22301
3 | Certified Energy Management Specialist | 2 | The BCI Business Continuity Management System (BCMS) Audit Course
1 | Certified Green IT Professional | 2 | The BCI Business Impact Analysis (BIA) Training Course
3 | Certified ISO 22301 Lead Auditor | 2 | The BCI Exercise Planning Course
3 | Certified ISO 22301 Lead Auditor Transition * | 2 | The BCI Introduction to Business Continuity
5 | Certified ISO 22301 Lead Implementer * | 1 | The BCI Supply Chain Continuity Management Course
1 | Certified ISO 31000 Professional Workshop | 1 | The BCI Writing Business Continuity Plans Course
2 | Certified ISO 31000 Risk Management Specialist | 1 | Workshop on Crisis Management and Disaster Simulation Exercise
1 | Certified IT Disaster Recovery Professional | 3 | Implementation W/S on UAE BCM Standard AE/HSC/NCEMA 7000:2012

Page 28: Business Continuity Management - CORE Services

Our Clients


Page 29: Business Continuity Management - CORE Services

Some of Our Clients


Page 30: Business Continuity Management - CORE Services

Some of Our Clients……. (Contd)


Page 31: Business Continuity Management - CORE Services
