empower organizations to efficiently d transform, govern ......business continuity planning create...
TRANSCRIPT
Empower organizations to efficiently d transform, govern business complexity and continuously improve
through process based quality, performance and compliance solutions.
W W W . I N T E R F A C I N G . C O M
TABLE OF CONTENTS
1 Relationship Map
2 Key Feature Overview by Module
3 Cross-Application Features
4 Impact Diagram
5 Risk Analysis Impact and Risk Assessment Report
6 Business Impact Analysis and Business Continuity Plan
7 Process Recovery / DRP, Action Item, and Incident Management Processes
8 Reports and Dashboards
Interfacing’s mission is to empower organizations to efficiently govern business
complexity and continuous transformation through process based quality,
performance and compliance solutions.
Business Process
Management
(BPM)
Quality
Management
System (QMS)
Governance, Risk,
Control, Audit &
CAPA (GRC)
Quality, GRC, Audit & Continuous Improvement
Interfacing’s Digital Business Transformation Suite
Automation & Integration (Low Code Rapid App Dev)
Monitoring & Reporting (BI)
Document
Management
System (DMS)
Overview
Our BCM application features a single web-based interface and a powerful relational database that connects business functions and processes, identifies risks, establishes priorities, automates test executions and generates continuity plans; all from within one repository. Unlike other out-of-the-box solutions, our application allows you the flexibility and freedom to customize any module, form or attribute to your organizations unique requirements. Our applications are configurable to your organizations needs.
All modules are interrelated and supplement each other’s functions, simplifying the complexity of creating and managing a fully transparent audit cycle.
Data from one module
easily flows and
integrates into the other.
Offering highly flexible functionality, all
modules, forms and
fields are fully
configurable.
Terminology may be
adapted to support
specific business
requirements.
Relationship Map
Between Modules
Test Management
Pretest preparation, test execution,
post-test review and final reporting
available from within one module
View all tests whether in progress or
complete; create action items from
failed results
Process / Disaster Recovery Plan
Define and gather information such as
specific disaster conditions triggering
plan activation
Enable scheduling, generate action
plans and assign responsibility
Recovery plans are reusable across
one or many BCPs
Trigger recovery plans via incidents
Business Impact Analysis
Trigger and manage BIA surveys to
identify critical assets, processes,
resources and RPO for each
application and process
All BIA & RIA data is captured and
stored within the EPC to be exported
into custom or pre-built reports
Business Continuity Planning
Create and maintain continuity plans
from pre-built plan templates in BIA
Associate continuity plans to business
processes, critical IT assets, contacts,
etc.
Mobile-enabled access to continuity
plans and crisis reports
Risk Impact Analysis
Perform assessments of business
continuity risks impacting key
processes and assets
Align key processes, risks, KRIs and
controls
Produce effective KRIs from high
quality data captured through surveys
Generate risk evaluation reports
based on impact, likelihood, and
associated controls
Action Item Management
Communicate action item details via
automated/scheduled mass
notifications (e-mail. SMS, etc.)
Escalations with real-time status/closure
tracking
Run reports on any overdue or pending
actions
Raise action items directly from the
Impact Diagram; AIs tied with specific
objects (e.g., processes, systems)
Process / Disaster Recovery Plan
Execution
Initiate a DRP to simulate or execute a
plan in real-time
Send mass notifications to critical
resources following a crisis event
Route action items to key employees
detailing step-by-step procedures
Key Feature Overview by Module
Incident Management
Real-time incident reporting, tracking,
and analysis
Supports multiple geographic locations
Enables follow-up and root cause
analysis - escalation to action items
Reusability
Test definition
Audit definition
Standardized audit template
Tracking and History
Reporting on all fields of process history
Pass vs. fail audit results
Tracking numbers
Audit trail
Cross-Application
Features
Search
Full-text search available on all fields
Filter and sort all fields for easy retrieval
(e.g., A-Z, Z-A, 1-10, etc.)
Notifications
Schedule periodic/recurring tasks
Assign task notifications based on user or role
Trigger escalations based on pending or overdue tasks
Email or SMS alerts
Complete mobile functionality
Reviews & approval cycles
Automate and accelerate approval cycles
Multiple rounds of reviews to ensure efficiency
Electronic signatures
Evidence of audit supervisory review
Integration
Integrate data from EPC using REST APIs
Integrate with 3rd party systems
Dashboards
Quickly generated based off real-time data
Embed charts and dashboards into forms
Drill down into macro-processes
Business Continuity Management Dashboard
View all processes and their statuses -- urgent, internal service, external service, SLA, RTO
View top processes at risk
View most cited process
Reports
Export collected data with a single
click
Detailed, automatically generated
reports in multiple formats such as
Excel, PDF, etc.
Customize reports with your logo
BIA Report of All Processes
BIA Report Per Process
Risk Impact Analysis
• Determine how much risk you are willing to accept to produce value within the risk appetite survey
• Define threats or hazards properly and associate the employee at risk with that threat, or identify employees that work in a location with multiple threats present
• Select an EPC object such as a process or control and calculate its impact, likelihood, and detectability; weighted averages on each radio button determine the overall risk appetite and assessment of the object
Risk Assessment Report
• Filter data within risk assessment report by EPC module (e.g., process or control), EPC object (specific process, etc., within that module), and date to generate real-time graphical charts
• Pre-calculated rules based on weighted averages transform raw data into dashboards and reports to generate overall impact, likelihood, and detectability scores
BIA and BCP Processes
Upon approval and after completion of a BIA or
BCP – pdf document generated and archived
into EPC repository
Review & approval cycles; BCM Manager
reviews BIAs and BCPs after submission
Load data from last BIA when completing a new
BIA; “date of last BIA submission” displayed at
the top of the form
Initiate BIA by use of search look-up or revise a
created BIA; set a timed start for the analysis to
begin automatically on a specified date
Business Impact Analysis • Explicit questions define critical
business processes, activities, key resources and assets; built-out by business unit or location
• Select fields dynamically prepopulate based on user (e.g., email, organization, etc.)
• Pre-select a built-out macro-process from your repository; or, if your process does not yet exist, create it on-the-fly and continue with your BIA
• Criticality scoring and calculations of recovery objectives; capture RTO and RPO
• Map out your alternative processes in the EPC; in case of emergency, your entire workforce adapts to their backup process quickly, easily, and effectively
Business Continuity Plan • Specify BIA selection criteria (RTO,
Financial or Non-Financial Impact) to filter processes and assets included in BCP
• BCPs are created and stored in the same repository as BIAs and RIAs, when creating a BCP, access BIA and RIA at your fingertips
• Report on assets, asset owners, continuity risks and preventive controls; calculate net risk priority and control effectiveness and associate a recovery plan (with recovery tasks and timeline)
• All BCPs stored in a module to be revisited or maintained over time
BCP Cont’d
• Send a copy of a newly published emergency plan to all required stakeholders; sent in real-time, the plan will reside in their email thread history accessible by laptop or mobile device without any additional action
• Emergency team notified to archive new BCP locally – on mobile, tablet, etc. by SMS; a required validation field confirms the user has saved and/or printed the most recent plan
• Newly published versions are automatically stored within an alternatively located system (e.g., country); in extreme situations deliver a copy between locations
Process Recovery / Disaster Recovery Plans
Create a procedure in the form of
action items and simulate end-to-
end testing
Detail a list of contacts responsible
for taking action
Determine cause of disaster - RTO,
and RPO fields prepopulated from
BIA
Set a disaster type and classify
data according to criticality,
severity, etc.
Create Process / DRP Features & Attributes
Key Attributes • Criticality Level (1- Critical to 4- Desirable)
• Disaster Recovery Severity (Catastrophic to Minor)
• Critical Process
• Date Raised
• Disaster Type • RTO & RPO
• List of Contacts – Recovery Team
• Action Item List
Key Features • Import critical information into the form such as
processes from EPC
• Critical assets, list of documents and list of
contacts populate from EPC depending on
process selection • Tracking notifications sent to manager
• Disaster metadata such as cause and type
• RTO and RPO
Process / Disaster Recovery Execution
Action item completion is reviewed; DRP closes
AI Owners complete AI items and attach evidence
Manage action item extension request (incl. single request limit)
DRP launches; mass notifications of action items and deadlines are sent to AI Owners
Execute Process / DRP Features & Attributes
Key Attributes • Search and filter by DRM ID,
Disaster Type or Disaster
Recovery Severity
• List of Disaster Recovery
Instances
Key Features • Filter by disaster type, disaster
recovery severity, or both
• Select your predefined Disaster
Recovery Plan to start or simulate
Add Action Item Features & Attributes
Key Attributes • Action Item Owner
• Action Type
• Date Raised & Deadline Date
• Priority
• Remaining Days Until Start • Attachment
Key Features • Collect & store action item
evidence on completion
• Default action type indicating if
AI was raised independently or
from an incident, etc. • Tracking notifications sent to
manager once AI owner opens
completion form
• Deadline can be set based on
RTO and RPO calculated
Key Features • All fields static and unable to be edited
• Download all attachments for review
• Review & approval cycle set to ensure compliance
• 100% mobile and tablet responsive
• Electronic signatures
Key Attributes • Action item name
• Action item owner
• Action type
Priority
• Deadline
Action Item Review Form Features & Attributes
Close Process / DRP Form Features & Attributes
Key Attributes • All DRP information inherited and static
• List of Contacts / Recovery Team
• Action Item List
• Process history icon to view all previous details
surrounding the forms; who received them, who modified or approved them, when they
was sent, received and completed, etc.
Key Features • Trigger test execution if action items have failed
• Form easily reassigned if higher authority level
sign-off is required
• All AIs may be reviewed before DRP closes
Assign actions to specific resources with
deadlines; status of action items
available in real-time
Detail a list of contacts / recovery team
responsible for taking action
Failed tests may trigger action item
process to start
Execute tests associated to process /
disaster recovery plans or BCPs
Test Execution
New Test Features & Attributes
Key Attributes • Procedure
• Prerequisites
• Tester and audience assignment
• Select and EPC Module and Object
• Sample size
Key Features • Auto-incrementing number and
ID fields
• Add and evaluate test samples
• Detail pre-test preparation work
• Reuse previously defined test form as a template and re-assign
values or roles easily
• Lock fields by role
• Set validations
Test Execution Features & Attributes
Key Attributes • Procedure
• Scheduled date and due date
• Frequency
• Sample size
• Sample results
Key Features • Establish responsibility by role
• View/edit/add sample results
• Yes/no and/or pass/fail radio buttons to
determine sample effectiveness
• Notifications sent to manager • Trigger escalation to action items from
failed test results
Incident Management
Failed analysis results trigger action item process
Multiple review and approval cycles to ensure
accuracy and compliance
Quality Assurance Agent triggered to conduct
incident investigation; root cause and risk analysis
Create incident ad hoc; if accepted after first review,
incident process closes
Incident Investigation Features & Attributes
Key Attributes • Risk analysis
• Root cause analysis
• Date
• Initiation tab
Key Features • Information from previous
Incident Initiation form
inherited as a tab for reference
• Electronic signature
• Date defaults to date investigation takes place
Review Incident Analysis Features & Attributes
Key Attributes • All fields inherited from Incident form
• Accountability assigned by roles and
users
• Date of signatures
Key Features • Electronic signatures
• Triggered process-loop back if form is
rejected
• Validation on fields to ensure form may not
be submitted without signature, etc. • Multiple approval cycles may precede any
step
• Trigger escalation to action items if
necessary
Incident Report
Drilldown to view subsets of each Incident Report to expose and consult all related action item details.
Impact Report (Assets)
The Impact report
allows a user with
proper access and
security to select any
object or asset (as specified to the right)
and view all of its
associations and
impacts
Drilldown from the
top-level report to
view the details of an
object and all its
impacted associations.
View data such as:
process description,
owner, flow object name and
description,
responsible role,
asset, rule, risk, KPI,
document, etc.
Drilldown further
and generate a more
specific report on a
related object such as a control, (for
example, as shown
on the right) to view
details such as
control description, type, owner,
frequency, control
type, and additional
related impacts
Reports and Dashboards
• Incorporate dashboards and charts into forms
• Monitor test progressions, percentage of
resolved incidents in real-time
• View number of incidents logged per location,
within a specific time frame • Drill down into metrics