testing bc plans
Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
6th Middle East Business & IT Resilience Summit
Mar 30, 2017 at The Address – Dubai Mall
Our Contact Details:
UAE
Continuity and Resilience
P. O. Box 127557
Abu Dhabi, United Arab Emirates
Mobile: +971 50 8460530
Tel: +971 2 8152831
Fax: +971 2 8152888
Email: [email protected]
INDIA
Continuity and Resilience
Level 15, Eros Corporate Tower
Nehru Place, New Delhi-110019
Tel: +91 11 41055534 / +91 11 41613033
Fax: +91 11 41055535
Email: [email protected]
Daman Dev Sood
COO & Head – Sustainability Practice
CORE
www.coreconsulting.ae
Testing BC Plans
About Continuity and Resilience (CORE)
ISO 22301 certified Management Consulting Firm
Cyber Security Services
Business Continuity Management Services
Crisis Management Services
IT Disaster Recovery Services
Information Security Management Services
Risk Management Services
Green IT/ Sustainability Services
We Consult / Train / Assess and Certify in these domains
Typical BCM Implementation Methodology
Quite easy…..correct?
Good Practices
So where do we start?
• Make a Testing Program Plan
• Make a Test Plan for each test
• Conclude a test with a Test Report
• Close through follow up
• A BC test should create the least disturbance to the business
• Estimate resources
• Raise the bar slowly
• Involve all relevant interested parties
– Plan owner
– BC Champion
– BC Manager
– Supporting functions (HR, Finance, IT, Facilities etc.)
– Team members
– Management
– Customers, suppliers, vendors
– Authorities
• Keep relevance
• Start and stop criteria
• Measure of success
• Fire evacuation drill is not fire alarm test
• Check effectiveness
– How many were scheduled
– How many were conducted
– How many were conducted on schedule
– How many were successful
– How many action items emerged
– How many actions have been closed
– How many actions are open – for how long and for what reasons
BC Exercising – Types (and other parameters)
[Chart, not to scale: Cost, Complexity, Risk (of disturbance due to test), Assurance and Frequency plotted on a 0 to 7 scale for each exercise type: Review/Walkthrough, Table Top, Call Tree, Simulation, IT/Work Area Recovery, Integrated]
Thank you!
Daman Dev Sood Continuity and Resilience * [email protected] www.coreconsulting.ae
Continue to know more about CORE…
About CORE
Our Range of Specializations in Consultancy & Training cover:
• Crisis Management
• Crisis Communications
• Business Continuity
• Disaster Recovery
• Cyber Security
• Sustainability
• Information Security
• IT Service Management
• Project Management
• Quality
Global Experience
Country
• India
• USA
• Canada
• UK
• Europe
• Africa
• Middle East
Industry
• Financial Services
• Telecom
• Manufacturing
• Airlines
• Trading
• Oil and Gas
• Government
Our Partnerships
Institutions
• Business Continuity Institute (BCI) – UK for offering BCM Certification
• Intertek and Bureau Veritas – for offering ISO 27001/ ISO 22301 courses
• American University of Ras Al Khaimah – for offering certification courses
Continual Improvement
Our Services
We are a firm that specializes in the complete Resilience cycle, offering Consulting, Assessments, Trainings and Certification Services for organizations in both the public and private sectors. We too are an ISO 22301:2012 certified firm.
Information Technology Disaster Recovery
Crisis Management
Business Continuity Management
IT Disaster Recovery
Trainings
Testing & Exercising
Crisis Communication
Crisis Management
Trainings
Testing & Exercising
Consulting
Implementation
Audits
Maturity Assessment
Trainings
Testing & Exercising
Design & Implementation
• Training and Awareness
• Exercising and Testing
• Audits
• Continuity and Recovery Strategies
• Crisis Management
• Incident Response Structure
• Business Continuity Plan
• Crisis Management Plan
• Incident Management Plan
• Gap Assessment
• Business Impact Analysis
• Risk Assessment
Validation
Analysis
Embedding Business Continuity Policy and Project Management
ISMS and Cyber Services
• GRC
• Managed Security Services
• Trainings
How are we different?
• We have trained over 2000 professionals from 500 organizations
• Our consultants have performed approximately 80 mandays of ISO 22301 / BS 25999 assessments
• We conduct public and in-house workshops for BCM Training and Professional Certifications and help organisations run Crisis Management and Table Top exercises and simulations
• We are an ISO 22301 certified company
How are we different? (Contd.)
• Our consultants are experienced BCM professionals who held senior management positions, mostly as heads of functions
• Our consultants have over 140+ man years of collective experience ranging across geographies and industries
• Most of our consultants hold multiple certifications in BCM and other related domains
• Many of our clients have been certified to ISO 22301 / BS 25999, based on our consulting for them
Cyber Security / Information Security
Capacity Building & Skill Development
• Corporate Instructor Led Trainings
• Cyber Attack Simulation Exercise
• Customised training for Corporate
• Public Certification Aspirants Workshops (CISSP, CISA, CISM, CRISC)
Professional Services
• Governance, Risk & Compliance
• CERT & CSIRT (BOMT Model)
• Forensics & Investigations / VAPT
• Gap Analysis / Health Checks & Pre Audit Services
Managed Security Services
• CSIRT as a Service
• SOC (remote, BOMT/O&M)
• Predictive Security through Threat Hunting & Counter Threat Intelligence
• Forensics & Investigation Services
Products
• Confront & Denial of Operations Area through Smoke Screen
• Forensics Workstation & DDoS Protection Tool
• Employee Forensics & Monitoring Tool
• Mobile Device Management & Mobile Data Security
Assurance & long term sustainability
Validation of documented steps
Effective & coordinated response during crisis in order to minimize decision points at the time
Identify potential threats & take measures to mitigate impact
Focus on high priority items
Maturity Assessment
Industry Benchmarking
Current State Assessment
Implementation
BC Strategy & Response
Risk Assessment
Business Impact Analysis
Program Management Plan
Operationalize the BCMS
Continual Improvement
Performance Evaluation
Exercising
Testing
Initial Assessment & Roadmap
Assessment Report
Implementation Review
Documentation Review
Interview Senior Management
Implementation
Operationalize the BCMS
Initial Assessment
Benefits
The salient points that will be covered by CORE BCM consulting are illustrated below:
Consulting
BCM Consulting Assignment
Trainings
Public Programs
• Global Certifications like BCI, IRCA
• CORE Certifications
In-house Workshops
• Global Certifications like BCI, IRCA
• CORE Certifications
Tailor-made
• Customized to clients
• Specialized coverage
• Awareness Education
• Simulated Exercises
Some of our Trainings
• Cyber Attack Simulation Exercise
• ISO 27001 on-the-ground implementation workshop
• Crisis and Disaster Management Simulation Exercise
• Senior Management Awareness workshops
• ISMS and BCMS coordinators training workshops
• BCI-UK certified GPG workshops (leading to CBCI)
• Certification aspirants workshops for CISSP, CISA, CISM and CRISC
• ISO 27001 and ISO 22301 Lead Auditor training
• ISO 31000 Risk Management and IT Disaster Recovery
Certification
Tools Support
CORE acts as a conduit between the partner & client by providing support for:
• Gather requirements
• Shortlist Vendors
• Subject matter expertise for tool selection
• Perform Vendor Demos
• Tool installation & implementation support for BC, ITDR & Notification
• Assistance during tool testing
Benefits
E-learning Support
Benefits of E-Learning for our clients:
• Higher coverage
• Consistency in communication
• Higher learning retention
• Learn at your own pace, anytime and anywhere
• Latest and most updated courseware always available
• Cost effective as against classroom based training
• Saves paper, reduces carbon footprint
Crisis Management 1
Business Continuity 2
IT Service Management 6
Sustainability 7
Some of Our Consulting and Training Clients
End of presentation……