  • Excerpts from Federal Register Notification (Vol. 73, No. 248, pp 79140-79148, December 24, 2008): Private-sector preparedness is not a luxury; it is a cost of doing business in the post-9/11 world. (pg 79140) In implementing recommendations of the 9/11 Commission (pg 79141): DHS is to identify and promote specific standards for private sector preparedness, e.g. NFPA 1600. Conformity to the standard(s) will establish the standard of care owed by a company and its employees. Companies can benchmark their disaster preparedness, emergency management, business continuity and enterprise risk management programs against the standard(s). Insurance and credit rating services can benchmark conformity with the standard(s) to assess insurability and creditworthiness. Companies can use conformity with the standard(s) to promote investor confidence.
  • The law calls for the adoption of “one or more appropriate voluntary preparedness standards.” It further states that “The term ‘voluntary preparedness standards’ means a common set of criteria for preparedness, disaster management, emergency management, and business continuity programs, such as…ANSI/NFPA 1600.”
  • Chicago-ACP-BRPA-05-..

    1. Maintaining a Competitive Edge as a Business Continuity Professional
        Ann Pickren, May 2009, Chicago
    2. Challenging Times
        • Today’s Economic Business Environment
            • Reductions in internal program budgets
            • Staff reductions
            • Highly competitive job market
        • New Regulations
            • Uncertainty of impact
            • DHS “Preparedness” Initiatives
            • Overlapping requirements
        • Job Market retractions
    3. YOUR World is Changing
        • Situations Differ for all of us:
            • Secured Employment
                • Issues with internal program commitment
                • Confusion over program direction (compliance with DHS PS Prep, adherence to new & developing standards)
                • Demands from DHS for Critical Infrastructure & Key Resources (CIKR)
                • Demands for expansion and focus on existing programs
            • Searching for Employment
                • Increased number of qualified candidates
                • How to differentiate yourself
    4. The Industry is Changing
        • Confluence
            • New Standards:
                • NFPA1600
                • BS25999
                • ASIS
                • ISO
            • DHS implementation of Public Law 110.53 (“PS Prep” and “CIKR”)
            • New certification options for individuals
    5. Preparing Yourself
        • Your individual “tool kit” must constantly be fine-tuned and kept up to date with changing regulations and standards
        • You must arm yourself with knowledge to communicate to your executives the importance of the changing environments and the need to focus on continued commitment to the BC program
    6. Preparing Yourself
        • Improve/Advance your “value”
            • Know what is developing in the industry
                • Regulations/Standards
                • Improved services
        • Position your program with corporate drivers
            • Enterprise Risk
            • Operational Risk
            • Business Continuity Risk
        • Secure additional credentials
            • Certifications
    7. Business Continuity Management Standards & Regulations
        Maintaining sanity while the world around us moves into a more formal set of criteria for business continuity programs.
    8. Business Continuity Standards
        • Identified Standards Developers for Business Continuity
            • ASIS (ANSI)
            • NFPA
            • BSI
            • Standards Australia
            • DRI* (ANSI)
            • ISO
    9. BC-Related Standards
        Table columns: Standard | Public Sector | Private Sector | In Print | In Dev’t
        • ANSI / ARMA 5-2003: Vital Records Programs - Identifying, Managing, and Recovering Business-Critical Records | X | X | 2003
        • BSI 25999-1: 2006. Business Continuity Management. Code of Practice. [BIP 2145:2008 -- BS 25999-1 Business Continuity Management. Code of Practice. Laminated Pocketbook.] | X | X | 2006
        • HB 292: 2006. A Practitioners Guide to Business Continuity Management [Standards Australia] | X | X | 2006
        • BSI 25999-2: 2007. Business Continuity Management. Specification. [BIP 2150:2008 -- BS 25999-2 Business Continuity Management. Specification. Laminated Pocketbook] | X | X | 2007
        • ANSI / NFPA 1600-2007: Standard on Disaster/Emergency Management and Business Continuity Programs | X | X | 2007 | 2010
    10. BC-Related Standards
        Table columns: Standard | Public Sector | Private Sector | In Print | In Dev’t
        • ISO 31000: Risk Management -- Principles and Guidelines on Implementation | X | X | 2009-10
        • ANSI / ASIS: Organizational Resilience – Security, Preparedness and Continuity. Management Systems Requirements with Guidance for Use | X | X | 2009-10
        • ANSI / ASIS: Business Continuity Management (Based on BS 25999-1 and -2.) | X | X | 2009-10
        • Standards Australia. Business Continuity Management and Audit Standard | X | X | 2009-10
        • ISO 22399: Societal Security - Guideline for Incident Preparedness and Operational Continuity Management | X | 2010-11
    11. Developing Regulations
        • Title IX – Public Law 110.53 – “Implementing Recommendations of the 9/11 Commission Act of 2007”
            • Common set of criteria for preparedness, disaster management, emergency management and business continuity programs
            • Unfunded effort, no tangible rewards or penalties
            • Acknowledge cost-benefit challenges for small- and medium-sized businesses
            • The Goal: “To enhance private sector preparedness”
        • Now referred to as “PS PREP” by DHS
    12. PS Voluntary Prep
        • The program is to be voluntary
            • Businesses will decide whether or not they wish to obtain certification of their organizations’ preparedness, likely based on what benefits they see in such certification.
        • The goal is to provide a method to independently certify the emergency preparedness of private sector organizations
            • Including their disaster/emergency management and business continuity programs.
        • The program is to certify businesses and other private sector entities
            • Not individual professionals.
        • The focus is on all-hazards preparedness and not on terrorism.
    13. PS Voluntary Prep
        • Certification Program
            • The federal government will not run the certification program
            • The program will be administered outside of government by third party organizations with experience in accreditation and certification programs.
            • DHS has selected ANSI-ASQ National Accreditation Board (ANAB) to develop and implement the accreditation program for organizations that will provide formal certification of compliance with the Title IX program.
    14. DHS – Next Steps
        • Designate the standards that will be used for the framework of certification (30-60 days)
        • Designate one or more organizations to act as the accrediting body to develop and oversee the certification process, and to accredit qualified third parties to carry out the certification program.
        • DHS (CIKR) – begin a pilot to develop an implementation guide for PS Prep, by sector
    15. Aligning to Changing Corporate Drivers
    16. Re-positioning Your Program
        • Many organizations are looking at Business Continuity as part of their Enterprise Risk Program
        • You need to understand the principles of Enterprise Risk and how your organization manages the broad concept of Enterprise Risk
    17. Consider Aligning to Enterprise Risk
        Diagram labels: Emergency Response Security Operational Risk Crisis Management Business Continuity Enterprise Risk Availability Risk Resiliency
    18. Business Continuity Certifications
    19. Professional Certifications
        • Certifications confirm your knowledge
        • Business Continuity Certifications
            • Multiple Options/Multiple levels of expertise
                • DRI - BCI - ICOR - BRCCI - BCM
                • …???
            • Becoming an accepted standard of “entry” into the BC Profession
        • Think beyond BC certifications
            • Emergency Management
            • Risk management
            • Project Management
            • Crisis Management
    20. Summary
        • Educate yourself and your organization on PS Prep
            • Review the core elements on pages 4 and 5 of the Sloan Report and the DHS list of Target Criteria for Preparedness Standard
            • Determine the regulatory environment that might force your company to comply with the DHS standard(s)
    21. Summary
        • Focus on your current program
            • Develop a list of core elements appropriate for your business and benchmark its BC/DR/EM preparedness program against the list
            • Measure your program against one of the established guidelines and identify any gaps
            • Where the program is weak or not well developed, identify steps needed to close the gap and document action taken
        • Get involved in industry groups and organizations
        • Upgrade your certifications