Dhiraj Lal Executive Director Continuity and Resilience - UAE # HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT

1. Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
1st KSA Business & IT Resilience Summit
16th Feb, 2017 at Four Seasons Hotel, Riyadh KSA
Our Contact Details:
INDIA UAE
Continuity and Resilience
Level 15,Eros Corporate Tower
Nehru Place ,New Delhi-110019
Tel: +91 11 41055534/ +91 11 41613033
Fax: ++91 11 41055535
Email: ms@continuityandresilience.com
Continuity and Resilience
P. O. Box 127557
Abu Dhabi, United Arab Emirates
Mobile:+971 50 8460530
Tel: +971 2 8152831
Fax: +971 2 8152888
Email: info@continuityandresilience.com

2. How to plan and manage a BCM and
IT DR project
Dhiraj Lal, Executive Director, CORE
dhiraj.l@continuityandresilience.com
+971 52 9263933, www.coreconsulting.ae
Getting started……

3. About Continuity and Resilience (CORE)
ISO 22301 certified Management Consulting Firm
Cyber Security Services
Business Continuity Management Services
Crisis Management Services
IT Disaster Recovery Services
Information Security Management Services
Risk Management Services
Green IT/ Sustainability Services
We Consult / Train / Assess and Certify in these
domains
3

4. Typical BCM Implementation Methodology
4
Quite easy…..correct?

5. 5
So where do where do we start?

6. • A collection of case studies from our IT DR and BCM
Consulting and certification engagements
• Situations our consultants have been involved in
• As part of our previous organisations (in-house
implementations) or as consultants
• Including some situations we have been told about by
others
• “Customer” is being used in this presentation as a
generic term. Could be internal or external
Getting started
6

7. • Customer 1
• Customer 2
• Customer 3
• Customer 4
• Customer 5
• Customer 6
• Customer 7
• Customer 8
 Manufacturing
 Central Bank
 Insurance
 Banking
 Aviation
 Govt. Sector
 Outsourcing
 Facilities Management
Based on diverse Case Studies from….
7

8. Immediate Response
Effective BCM means that you MUST…..,
Have “reasonable” assurance of recovery
Return to normal
level
Back to BAU
resources
Protect people,
assets, reputation
Assess damage &
communicate
Arrangements to
recover prioritized
activities as pre-
agreed
Plans for alternate
facilities, machines,
utilities, IT, staff,
supply chain etc
Emergency
Response
Crisis
Management
Business
Continuity
IT
Disaster
Recovery
R
Partial re-start
Business IT
Back to normal
Evaluate Invoke Business As
Usual
8

9. Effective BCM means that you MUST.....
Recover within “reasonable” timelines
Time
Organisation
Overallperformance
Normal
Operations
Minimum Level of
Operations
B
Effective
BCM
Program
No BCM
Program
A
INCIDENT
9

10. • Clear Understanding of “Why BCM”…don’t start if Management
is not convinced
• Present the business case – What’s in it for me? Not just
defensive, but also a revenue generator
• Budget commitment to conduct the project….and willingness to
consider investing in more resources if need be
• Strong mandate from the Top, via the BCM Policy…..Each unit is
responsible for their own BCM, central BCM Team to help…
Starting it right
10

11. • Regular Top Management interest and involvement…not just a
one-time, but review and follow up till the very end
• Let your teams be clear that this is an important initiative, and
it must be done well
• Select your best people for the BCM responsibility…not just
those who are available and free
• Recognize and Reward as a formal process. 5% of their KRA?
• Meeting the project timelines is most critical
Starting it right
11

12. Clear Ownership and roles definition:
• Senior BCM Sponsor to clear roadblocks
• BCM Steering Committee to validate and sign off
• BCM Head to support, keep track, ensure, escalate
• BCM Team to help the Departments get it right, as partners
• BCM department champions to be the BCM Leads within their units
• Department Heads accountable for BCM implementation in their units
• Operational team to implement those strategies and plans
Starting it right
12

13. • Train your people just in time – not too early, not too late. Ideally a few days
before the activity is to be performed
• Training is needed
for EACH activity:
– Policy writing
– BIA,
– Risk Assessment
– BCM
– Recovery Strategy creation
– Plan Writing
– Plan implementation,
– Testing and exercising
– etc etc…
• Training and Awareness is needed for each level (Senior Mgt,
Tactical, Operational), and for all staff/suppliers/partners)
Starting it right
13

14. • Clear project plan with pre-agreed signoff dates, based on
Steering Committee availability
• Tracking and monitoring in monthly management meeting
• Escalation to BCM Sponsor to resolve issues and conflicts
• Quick sanction of budget and resources for any needed BCM
strategies. BIA can be used to justify the needed spend….
• Department Heads to be responsible to keep ready their BCM
plan including needed Recovery strategies
• BCM Awareness across the organisation – to help embed the
BCM effort, including escalation of potential incidents
Starting it right
14

15. • Signed off testing and exercising schedule, department owned.
Agreed Management Review process, to ensure ongoing
oversight. Pre-agreed annual review process and dates
• Agreed Incident log, to capture learnings and improve the BCM
System
• BCM Trained Audit team, as an independent control
• BCM Automation software to make ease the maintenance and
updation process. And also for tracking, monitoring and
reminders
• Notification software, to ensure mass communication within
seconds via SMS, automated call, email, social media etc
Starting it right
15

16. Thank you!
Dhiraj Lal - +971 52 9263933
Executive Director
Continuity and Resilience
* dhiraj.l@continuityandresilience.com
 www.coreconsulting.ae
16
15
Continue to know more about CORE…

17. About CORE
17
• Crisis Management
• Crisis Communications
• Business Continuity
• Disaster Recovery
• Cyber Security
Country
• India
• USA
• Canada
• UK
• Europe
• Africa
• Middle
East
Institutions
• Business Continuity Institute (BCI) –
UK for offering BCM Certification
• Intertek and Bureau Veritas –for
offering ISO 27001/ ISO 22301
courses
• American University of Ras Al Khaimah
– for offering certification courses
Our Range of Specializations in Consultancy & Training cover:
Global Experience Our Partnerships
• Sustainability
• Information Security
• IT Service Management
• Project Management
• Quality
Industry
• Financial Services
• Telecom
• Manufacturing
• Airlines
• Trading
• Oil and Gas
• Government
.

18. Continual Improvement
Our Services
18
We are a firm that specializes in the complete Resilience cycle, offering Consulting, Assessments,
Trainings and Certification Services for organizations in both the public and private sectors. We
too are certified ISO 22301:2012 firm.
Information Technology
Disaster Recovery
Crisis
Management
Business Continuity
Management
IT Disaster Recovery
Trainings
Testing & Exercising
Crisis Communication
Crisis Management
Trainings
Testing & Exercising
Consulting
Implementation
Audits
Maturity Assessment
Trainings
Testing & Exercising
Design & Implementation
• Training and Awareness
• Exercising and Testing
• Audits
• Continuity and Recovery Strategies
• Crisis Management
• Incident Response Structure
• Business Continuity Plan
• Crisis Management Plan
• Incident Management Plan
• Gap Assessment
• Business Impact Analysis
• Risk Assessment
Validation
Analysis
EmbeddingBusinessContinuity
PolicyandProjectManagement
ISMS and Cyber Services
• GRC
• Managed Security
Services
• Trainings

19. How are we different?
19
1 2 3
We have trained over 2000
professionals from 500
organizations
Our consultants have performed
approximately 80 mandays of
ISO 22301 / BS 25999
assessments
4
We conduct public and inhouse workshops for
BCM Training and Professional Certifications
and help organisations run Crisis Management
and Table Top exercises and simulations
We are an ISO 22301
certified company

20. How are we different? (Contd.)
20
5 6 7
Our consultants are experienced
BCM professionals who held
senior management positions
mostly as heads of functions
Our consultants have over 140 +
man years of collective
experience ranging accross
geographies and industries
Most of our consultants hold
multiple certifications in BCM
and other related domains
8
Many of our clients have been
certified to ISO 22301 / BS25999,
based on our consulting for them

21. Cyber Security / Information Security
21
Capacity
Building & Skill
Dvlp
• Corporate Instructor Led Trainings
• Cyber Attack Simulation Exercise
• Customised training for Corporate
• Public Certification Aspirants Workshops (CISSP, CISA, CISM, CRISC)
Professional
Services
• Governance, Risk & Compliance
• CERT & CSIRT (BOMT Model)
• Forensics & Investigations / VAPT
• Gap Analysis / Health Checks & Pre Audit Services
Managed
Security
Services
• CSIRT as a Service
• SOC (remote, BOMT/O&M)
• Predictive Security through Threat Hunting & Counter Threat Intelligence
• Forensics & Investigation Services
Products
• Confront & Denial of Operations Area through Smoke Screen
• Forensics Workstation & DDoS Protection Tool
• Employee Forensics & Monitoring Tool
• Mobile Device Management & Mobile Data Security

22. Assurance & long term
sustainability
Validation of documented steps
Effective & coordinated response
during crisis in order to minimize
decision points at the time
Identify potential threats & take
measures to mitigate impact
Focus on high priority items
Maturity Assessment
Industry Benchmarking
Current State Assessment
Implementation
BC Strategy & Response
Risk Assessment
Business Impact Analysis
Program Management Plan
Operationalizethe
BCMS
Continual Improvement
Performance Evaluation
Exercising
Testing
InitialAssessment&
Roadmap
Assessment Report
Implementation Review
Documentation Review
Interview Senior Management
Implementation
Operationalize
the BCMS
Initial
Assessment
Benefits
The salient points that will be covered by CORE BCM consulting are illustrated below :
Consulting
BCM
Consulting
Assignment
2221

23. Trainings
Public
Programs
• Global
Certifications
like BCI, IRCA
• CORE
Certifications
In-house
Workshops
• Global
Certifications
like BCI,
IRCA,
• CORE
Certifications
Tailor-made
• Customized to
clients
• Specialized
coverage
• Awareness
Education
• Simulated
Exercises
23

24. Some of our Trainings
• Cyber Attack Simulation Exercise
• ISO27001 on the ground implementation workshop
• Crisis and Disaster Management Simulation Exercise
• Senior Management Awareness workshops
• ISMS and BCMS coordinators training workshops
• BCI-UK certified GPG workshops (leading to CBCI)
• Certification aspirants workshops for CISSP, CISA, CISM
and CRISC
• ISO 27001 and ISO22301 Lead Auditor training
• ISO 31000 Risk Management and IT Disaster Recovery
Certification
24

25. Tools Support
CORE acts as a conduit between the partner & client by providing support for:
• Gather requirements
• Shortlist Vendors
• Subject matter expertise for tool selection
• Perform Vendor Demos
• Tool installation & implementation
support for BC, ITDR & Notification
• Assistance during tool testing
25
Benefits

26. E-learning Support
Benefits of E-Learning for our clients:
• Higher coverage
• Consistency in communication
• Higher learning retention
• Learn at your own pace,
anytime and anywhere
• Latest and most updated
course ware always available
• Cost effective as against
class room based training
• Saves paper reduces carbon
foot print
26
Crisis
Management
1
Business
Continuity
2
ITService
Management
6
Sustainability7

27. Some of Our Consulting and Training Clients
27

28. Our 2017 Summits
28

29. Thank you!
Dhiraj Lal - +971 52 9263933
Executive Director
Continuity and Resilience
* dhiraj.l@continuityandresilience.com
 www.coreconsulting.ae
29
15
End of presentation……
28