Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
1st KSA Business & IT Resilience Summit
16th Feb, 2017 at Four Seasons Hotel, Riyadh KSA
Our Contact Details:
INDIA
Continuity and Resilience
Level 15, Eros Corporate Tower
Nehru Place, New Delhi-110019
Tel: +91 11 41055534 / +91 11 41613033
Fax: +91 11 41055535
Email: [email protected]
UAE
Continuity and Resilience
P. O. Box 127557
Abu Dhabi, United Arab Emirates
Mobile: +971 50 8460530
Tel: +971 2 8152831
Fax: +971 2 8152888
Email: [email protected]
How to plan and manage a BCM and IT DR project
Dhiraj Lal, Executive Director, CORE
+971 52 9263933, www.coreconsulting.ae
Getting started……
About Continuity and Resilience (CORE)
ISO 22301 certified Management Consulting Firm
Cyber Security Services
Business Continuity Management Services
Crisis Management Services
IT Disaster Recovery Services
Information Security Management Services
Risk Management Services
Green IT/ Sustainability Services
We Consult / Train / Assess and Certify in these domains
• A collection of case studies from our IT DR and BCM Consulting and certification engagements
• Situations our consultants have been involved in
• As part of our previous organisations (in-house implementations) or as consultants
• Including some situations we have been told about by others
• “Customer” is being used in this presentation as a generic term. Could be internal or external
Getting started
Based on diverse Case Studies from….
• Customer 1: Manufacturing
• Customer 2: Central Bank
• Customer 3: Insurance
• Customer 4: Banking
• Customer 5: Aviation
• Customer 6: Govt. Sector
• Customer 7: Outsourcing
• Customer 8: Facilities Management
Immediate Response
Effective BCM means that you MUST…..,
Have “reasonable” assurance of recovery
Return to normal level
Back to BAU resources
Protect people, assets, reputation
Assess damage & communicate
Arrangements to recover prioritized activities as pre-agreed
Plans for alternate facilities, machines, utilities, IT, staff, supply chain etc
Emergency Response
Crisis Management
Business Continuity
IT Disaster Recovery
[Timeline diagram labels: Evaluate, Invoke, Partial re-start (Business, IT), Back to normal, Business As Usual]
Effective BCM means that you MUST.....
Recover within “reasonable” timelines
[Figure: Organisation overall performance plotted against time around an INCIDENT, showing the Normal Operations and Minimum Level of Operations levels, with A (No BCM Program) and B (Effective BCM Program)]
• Clear Understanding of “Why BCM”…don’t start if Management is not convinced
• Present the business case – What’s in it for me? Not just defensive, but also a revenue generator
• Budget commitment to conduct the project….and willingness to consider investing in more resources if need be
• Strong mandate from the Top, via the BCM Policy…..Each unit is responsible for their own BCM, central BCM Team to help…
Starting it right
• Regular Top Management interest and involvement…not just a one-time, but review and follow up till the very end
• Let your teams be clear that this is an important initiative, and it must be done well
• Select your best people for the BCM responsibility…not just those who are available and free
• Recognize and Reward as a formal process. 5% of their KRA?
• Meeting the project timelines is most critical
Starting it right
Clear Ownership and roles definition:
• Senior BCM Sponsor to clear roadblocks
• BCM Steering Committee to validate and sign off
• BCM Head to support, keep track, ensure, escalate
• BCM Team to help the Departments get it right, as partners
• BCM department champions to be the BCM Leads within their units
• Department Heads accountable for BCM implementation in their units
• Operational team to implement those strategies and plans
Starting it right
• Train your people just in time – not too early, not too late. Ideally a few days before the activity is to be performed
• Training is needed for EACH activity:
– Policy writing
– BIA
– Risk Assessment
– BCM
– Recovery Strategy creation
– Plan Writing
– Plan implementation
– Testing and exercising
– etc etc…
• Training and Awareness is needed for each level (Senior Mgt, Tactical, Operational), and for all staff/suppliers/partners
Starting it right
• Clear project plan with pre-agreed signoff dates, based on Steering Committee availability
• Tracking and monitoring in monthly management meeting
• Escalation to BCM Sponsor to resolve issues and conflicts
• Quick sanction of budget and resources for any needed BCM strategies. BIA can be used to justify the needed spend….
• Department Heads to be responsible to keep ready their BCM plan including needed Recovery strategies
• BCM Awareness across the organisation – to help embed the BCM effort, including escalation of potential incidents
Starting it right
• Signed off testing and exercising schedule, department owned. Agreed Management Review process, to ensure ongoing oversight. Pre-agreed annual review process and dates
• Agreed Incident log, to capture learnings and improve the BCM System
• BCM Trained Audit team, as an independent control
• BCM Automation software to ease the maintenance and update process. And also for tracking, monitoring and reminders
• Notification software, to ensure mass communication within seconds via SMS, automated call, email, social media etc
Starting it right
Thank you!
Dhiraj Lal - +971 52 9263933 Executive Director Continuity and Resilience * [email protected] www.coreconsulting.ae
Continue to know more about CORE…
About CORE
Our Range of Specializations in Consultancy & Training cover:
• Crisis Management
• Crisis Communications
• Business Continuity
• Disaster Recovery
• Cyber Security
• Sustainability
• Information Security
• IT Service Management
• Project Management
• Quality
Global Experience
Country
• India
• USA
• Canada
• UK
• Europe
• Africa
• Middle East
Industry
• Financial Services
• Telecom
• Manufacturing
• Airlines
• Trading
• Oil and Gas
• Government
Our Partnerships
Institutions
• Business Continuity Institute (BCI) – UK for offering BCM Certification
• Intertek and Bureau Veritas – for offering ISO 27001 / ISO 22301 courses
• American University of Ras Al Khaimah – for offering certification courses
Continual Improvement
Our Services
We are a firm that specializes in the complete Resilience cycle, offering Consulting, Assessments, Trainings and Certification Services for organizations in both the public and private sectors. We are also an ISO 22301:2012 certified firm.
Information Technology Disaster Recovery
Crisis Management
Business Continuity Management
IT Disaster Recovery
Trainings
Testing & Exercising
Crisis Communication
Crisis Management
Trainings
Testing & Exercising
Consulting
Implementation
Audits
Maturity Assessment
Trainings
Testing & Exercising
Design & Implementation
• Training and Awareness
• Exercising and Testing
• Audits
• Continuity and Recovery Strategies
• Crisis Management
• Incident Response Structure
• Business Continuity Plan
• Crisis Management Plan
• Incident Management Plan
• Gap Assessment
• Business Impact Analysis
• Risk Assessment
Validation
Analysis
Embedding Business Continuity
Policy and Project Management
ISMS and Cyber Services
• GRC
• Managed Security Services
• Trainings
How are we different?
• We have trained over 2000 professionals from 500 organizations
• Our consultants have performed approximately 80 man-days of ISO 22301 / BS 25999 assessments
• We conduct public and in-house workshops for BCM Training and Professional Certifications and help organisations run Crisis Management and Table Top exercises and simulations
• We are an ISO 22301 certified company
How are we different? (Contd.)
• Our consultants are experienced BCM professionals who held senior management positions mostly as heads of functions
• Our consultants have over 140+ man-years of collective experience ranging across geographies and industries
• Most of our consultants hold multiple certifications in BCM and other related domains
• Many of our clients have been certified to ISO 22301 / BS 25999, based on our consulting for them
Cyber Security / Information Security
Capacity Building & Skill Development
• Corporate Instructor Led Trainings
• Cyber Attack Simulation Exercise
• Customised training for Corporate
• Public Certification Aspirants Workshops (CISSP, CISA, CISM, CRISC)
Professional Services
• Governance, Risk & Compliance
• CERT & CSIRT (BOMT Model)
• Forensics & Investigations / VAPT
• Gap Analysis / Health Checks & Pre Audit Services
Managed Security Services
• CSIRT as a Service
• SOC (remote, BOMT/O&M)
• Predictive Security through Threat Hunting & Counter Threat Intelligence
• Forensics & Investigation Services
Products
• Confront & Denial of Operations Area through Smoke Screen
• Forensics Workstation & DDoS Protection Tool
• Employee Forensics & Monitoring Tool
• Mobile Device Management & Mobile Data Security
Assurance & long term sustainability
Validation of documented steps
Effective & coordinated response during crisis in order to minimize decision points at the time
Identify potential threats & take measures to mitigate impact
Focus on high priority items
Maturity Assessment
Industry Benchmarking
Current State Assessment
Implementation
BC Strategy & Response
Risk Assessment
Business Impact Analysis
Program Management Plan
Operationalize the BCMS
Continual Improvement
Performance Evaluation
Exercising
Testing
Initial Assessment & Roadmap
Assessment Report
Implementation Review
Documentation Review
Interview Senior Management
Implementation
Operationalize the BCMS
Initial Assessment
Benefits
The salient points that will be covered by CORE BCM consulting are illustrated below:
Consulting
BCM Consulting Assignment
Trainings
Public Programs
• Global Certifications like BCI, IRCA
• CORE Certifications
In-house Workshops
• Global Certifications like BCI, IRCA,
• CORE Certifications
Tailor-made
• Customized to clients
• Specialized coverage
• Awareness Education
• Simulated Exercises
Some of our Trainings
• Cyber Attack Simulation Exercise
• ISO27001 on the ground implementation workshop
• Crisis and Disaster Management Simulation Exercise
• Senior Management Awareness workshops
• ISMS and BCMS coordinators training workshops
• BCI-UK certified GPG workshops (leading to CBCI)
• Certification aspirants workshops for CISSP, CISA, CISM and CRISC
• ISO 27001 and ISO22301 Lead Auditor training
• ISO 31000 Risk Management and IT Disaster Recovery
Certification
Tools Support
CORE acts as a conduit between the partner & client by providing support for:
• Gather requirements
• Shortlist Vendors
• Subject matter expertise for tool selection
• Perform Vendor Demos
• Tool installation & implementation support for BC, ITDR & Notification
• Assistance during tool testing
Benefits
E-learning Support
Benefits of E-Learning for our clients:
• Higher coverage
• Consistency in communication
• Higher learning retention
• Learn at your own pace, anytime and anywhere
• Latest and most updated courseware always available
• Cost effective as against classroom-based training
• Saves paper, reduces carbon footprint
Crisis Management 1
Business Continuity 2
IT Service Management 6
Sustainability 7
End of presentation……