Continuity and Resilience (CORE)

ISO 22301 BCM Consulting Firm

Presentations by speakers at the

5th India Business & IT Resilience Summit June 1, 2017 at Meluha – The an Ecotel Hotel

Mumbai, India

Our Contact Details:

UAE INDIA

Continuity and Resilience

P. O. Box 127557

Abu Dhabi, United Arab Emirates

Mobile:+971 50 8460530

Tel: +971 2 8152831

Fax: +971 2 8152888

Email: info@coreconsulting.ae

Continuity and Resilience

Level 15,Eros Corporate Tower

Nehru Place ,New Delhi-110019

Tel: +91 11 41055534/ +91 11 41613033

Fax: ++91 11 41055535

Email: info@coreconsulting.ae

Post Event Reviews Demonstrating Business Continuity value by quantitatively scoring incident response

Microsoft Services Information Protection and Governance

On personal devices

24 x 7 collaboration

On the road

In the office

At home

Through social media

Public Data

Internal Data

Confidential Data

On Premise

Cloud

Applications

Network

Devices

‘Things’

Infrastructure

Today’s computing is heavily inter-connected

On personal devices

24 x 7 collaboration

On the road

In the office

At home

Through social media

Public Data

Internal Data

Confidential Data

On-premise

Cloud

Applications

Network

Devices

‘Things’

Infrastructure

…and failures are inevitable!

Microsoft Customer Service & Support Overview

What does CSS care about?

Telecom Services

PGVendor

PBX

Aceyus Reporting

ICM

NAVerizon IPTF/MPLS

Network

PG MS Nortel Bangalore Embassy

MS4 HostB11

Las Colinas

Charlotte

Existing MS Global Contact Center Infrastructure

GenesysIVR

PG Gateway

CVP/VHTPG

ICMAdmin

GW/Router

SBC

MS Nortel Bangalore Signature

PG

Fargo

SBC

SammD Mississauga

MS4 ICM PG s

Gateway

Gateway GatewayGateway

EMEA CarriersMunich

Redding

Shanghai

25 other Regional PBX s

APAC Carriers

Multiple Carriers

Multiple Vendor

PBX

Skype PSTNConnection

Customer

PSTN

• Voice Network

• Contact Routing

• Customer classification

• Agent Endpoint

• Reporting

48 Internal and external

technology platforms

Plus, regional partners and

customer network

dependencies

Call centers – Americas Global Call centers

What it takes to route a call?

Limitations of Business Continuity Exercises

Some (or all) participants are notified ahead of time!

Real incidents impose additional constraints not anticipated during exercise

Unable to exercise all components effectively in a complex setup

Repeat exercise scenarios can be difficult for participants to stay engaged

Key resources are made available, kept away from regular work

Exercises become invalid if/when configuration changes

Post Event Reviews

• Review of incident response using

quantitative metrics

• Score incidents based on response

effectiveness

• Categorize based on outcomes

• Identify and track corrective

actions • Focus on customer experience

• Events which have direct customer

impact

• Break/fix in nature

• Validate if continuity plans are

effectively mitigating impact

• Not a root cause analysis, it is

carried out by technical teams

• Operational events that are not

break/fix in nature

• Not an attempt to fully prevent

them from happening

Process In Scope Out of Scope

Incident response analysis

Metric Description

Time to detect Manual or automated detection of an

incident from time of occurrence

Time to Notify Stakeholder notification

Business

Engagement

Set up business response bridge and

get stakeholders join

Time to Escalate Fix team is engaged for

troubleshooting

Strategy

documented

Documented Microsoft, supplier

strategy in place

Strategy executed Customer impact mitigated

82.72% 81.82% 84.60%

17.28% 18.18% 15.40%

0.00%

10.00%

20.00%

30.00%

40.00%

50.00%

60.00%

70.00%

80.00%

90.00%

1 2 3

Target- Non defects

Defects threshold

YES NO N/A

Defect Trends - Overall

Defect Trends – Metrics-wise

0% 20% 40% 60% 80% 100%

Timely Escalation

Notification

Business engagement

Fix Team engagement

Documented

Implemented

Yes No N/A

• Partial Failures • Configuration Errors • Monitoring capability • Planned Maintenance/ Upgrades

• Onboarding process • Training

• Inaccurate plans • Scenario not

appropriately addressed

• Data freshness, change not captured

• Lack of awareness among stakeholders

• Escalation process not well defined

• Lack of Training

• Auto-resolved • Configuration

Errors • Operational Issue

Cause and Effect Analysis

Incident Response

Gaps

Timely Escalation Documentation Resolution

Notification Business Engagement

BC plan implementation

Blockers and Options

Program is still developing Enables effective planning

Lack of tools, investment Enterprise software is adequate

Management buy-in, a challenge Align with business goals

Our situation is different Focus on program scope

Scorecard already exists Translate readiness to reality