The BCI, Good Practice Guidelines, and
Horizon Scan
BCI US Chapter
Christopher Rivera, MBCI
• Business Continuity Institute background
• Overview of BCI’s Good Practice Guidelines
• Overview of Horizon Scan
Agenda
11/28/2016 www.thebci.org 2
Business Continuity Institute
background
• Founded in 1994, a Member-Owned, Not-for-Profit Professional
Association of Business Continuity Professionals
• A global membership and certifying organization for business continuity
professionals
• Over 8,000 members in more than 120 countries working in an estimated
3,000 organizations in the public and private sectors
• We stand for excellence in the business continuity profession
• Our certified grades provide unequivocal assurance of technical and
professional competency
What is the BCI?
• Professionals seeking international recognition of their professional and
technical competency in the BC discipline
• Individuals currently working in BC related functions who are seeking to
improve their knowledge and understanding of the BC discipline
• Individuals who are looking to benefit from being part of a global network
of like-minded professionals to share good practice in BC and related
disciplines
• Newcomers to the discipline who are considering a career in BC or a
related profession
Who can be a member of the BCI?
BCI Chapters
A global membership
Membership by Region
Chapters: Asia, Australasia, Belgium / Netherlands, Canada, Japan, Nordic, SADC, Swiss, USA
Regions: Africa (5%), Central America & West Indies (1%), North America (15%), Asia (9%), Europe (12%), South America (5%), Australia (7%), Middle East (4%), United Kingdom (42%)
BCI Membership grades
Overview of
Good Practice Guidelines
A Guide to Global Good Practice in Business Continuity
• The most comprehensive and independent view of current thinking in
Business Continuity
• Provides the what, why, how and when of good BC practice
• Written by BC professionals for BC professionals
• Used in training and examining individuals and organizations (our body of
knowledge)
• Aligned to ISO 22301
• Reference material for academic institutions
The BCI Good Practice Guidelines
• BCI members can download a free
PDF version from the Members’
Area of the BCI website
• Non-members can purchase a PDF version from the BCI website at
https://shop.thebci.org/shop/shop.php?sid=144
How can I get a copy of the GPG?
The Six Professional Practices
The capability of the organization to continue delivery of products or
services at acceptable predefined levels following a disruptive incident.
Source: ISO 22301:2012
The BCI’s Definition of Business Continuity
• Responsibilities of Top Management
• Setting strategic objectives
• Resources for business continuity
• The importance of the BIA and a stronger link to the organization’s approach to risks
and threats
• Resource requirements, skills and competence of people involved
• Training, awareness and communications
• Document management
• Exercising and testing
• Monitoring performance and measuring value of business continuity
GPG Alignment to ISO 22301?
Defines an organization’s policy relating to BC, how it will be implemented,
controlled and validated through a BCM program
• Setting BC Policy and determining the scope of the BCM program
• Defining governance and assigning roles and responsibilities
• Implementing a BCM program, managing documentation using program
and project management techniques
• Managing outsourced activities and supply chain continuity
PP1 – Policy and Program Management
The BCM program operates at three levels
• Strategic - decisions are made and policy is determined
• Tactical - operations are coordinated and managed
• Operational - activities are undertaken
PP1 – Policy and Program Management
The Management Professional Practice that continually seeks to integrate BC
into day-to-day business activities and organizational culture
• Organizational Culture
• Skills and Competence
• Managing a Training Program
• Managing an Awareness Campaign
PP2 – Embedding Business Continuity
Reviews and assesses an organization in terms of what its objectives are,
how it functions and the constraints of the environment in which it operates
• Business Impact Analysis (BIA)
• Threat Analysis (includes risk assessment)
PP3 – Analysis
Identifies and selects appropriate strategies and tactics
• Continuity and Recovery Strategies and Tactics
• Threat (Risk) Mitigation Measures
• Incident Response Structure
PP4 – Design
Executes the agreed-upon strategies and tactics through the process of
developing plan documentation
• Business continuity plans
• Developing and managing plans at a strategic, tactical and operational
level
PP5 – Implementation
Confirms the BCM program meets objectives set in the BC Policy and that
plans are fit for purpose
• Developing an exercise program
• Developing and running exercises
• Maintenance of the BCM program
• Review of the BCM program
PP6 – Validation
How does the GPG work in the real world?
Problem | Description | Solution (GPG)
Management engagement | “My steering committee isn’t coming to meetings anymore or they’ve delegated their role.” | PP1 – Policy and Program Management
Participation | “The VP from Department X assigned his administrative assistant as his group’s planner.” | PP2 – Embedding Business Continuity
Focus | “We have 1000 plans in our software tool… but we’re not sure we’re recovering what truly matters.” | PP3 – Analysis
Proactive vs Reactive (and scope) | “We seemed to be laser focused on reacting to events. Shouldn’t we be equally focused on preventing disruption in the first place? Also, when it comes to being reactive, is it strange we seem to be predominantly focused on IT?” | PP4 – Design
Templates vs plans | “No one seems to use the plans we’ve documented. And why would they all read the same, almost as if they’re templates!” | PP5 – Implementation
Measurement | “We have 1000 plans, all updated in the last 12 months… but we’re not sure if we’re actually ready for a disaster.” | PP6 – Validation
BCI Horizon Scan
• The goal of the BCI has been to promote a more resilient world
• When the Institute celebrated its 20th anniversary in 2014, the focus was
not on our past achievements but our vision of the future
• From that vision emerged the BCI 20/20 Think Tank, a worldwide group of
thought leaders with a passion to drive the profession forward
BCI Horizon Scan
BCI 20/20 – two focal points
Advisory
• Help in shaping the profession
• Developing career opportunities for those who have chosen to pursue this
field
Advocacy
• Raise the profile and value of business continuity and resilience
• Build the value of resilience into organizational strategies
• As professionals learn more and more about the threats and translate
those threats into business risks – which includes how to work with senior
executives to manage these risks – the real and perceived value of our
efforts will only increase
Issues concerning the BCI in 2016
Excerpt from BCI Horizon Scan Report 2016
A 2016 study of threats and business
risks by insurer Allianz confirms that
management’s concerns are in line with
the evolving threats that we, as business
continuity professionals, are facing, which
is good news for executive sponsorship
Business risks mirror BC concerns
Excerpt from Allianz Risk Barometer Top Business Risks 2016
As a key protective discipline,
business continuity ensures
organizational resilience by building
an effective response to disruptive
events.
Horizon scanning is a useful tool that
can provide an objective perspective
on threats and uncertainties that may
lead to business disruption.
These conclusions inform – or even
confirm – strategies undertaken by
organizations to prepare for
disruption.
Introduction to Horizon Scanning
Cyber attacks (85%), data breach (80%)
and unplanned IT outages (77%) remain
the top three threats facing
organizations, with data breaches
moving into second place in 2016
The use of the Internet for malicious
attacks (83%), growing influence of
social media (63%) and the loss of a key
employee (56%) are the top three trends
Investment levels for BC are up for more
organizations (23% from 18%) with more
businesses using ISO 22301 as a
framework for BCM implementation
(52% from 44%)
Horizon Scan Report 2016 headlines
Top 10 threats worldwide
Excerpt from BCI Horizon Scan Report 2016
Investment trends in business continuity
Excerpt from BCI Horizon Scan Report 2016
Top 10 based on level of concern
Excerpt from BCI Horizon Scan Report 2016
Top 5 trends and uncertainties
Excerpt from BCI Horizon Scan Report 2016
Ranked 1st were Cyber Attacks in both
2016 and 2015, which were ranked
third in 2013 and second in 2014 (not
surprising given all the incidents we
hear about almost daily)
Most DRJ attendees agreed this was
and is a major concern and
acknowledged the close association
with Data Breach, Terrorism and
Security, increasing the relevance of
this threat
Tracking threats
How does this affect us as BC
Professionals?
• Recognition that this threat has IT
availability and even business
continuity implications
• Leverage crisis management and
crisis communications processes in
response
# 1 Cyber Threats
Ranked 2nd were data breaches, which
ranked third in 2015
DRJ discussion centered on the fact that
data breaches come in many forms, both
cyber / internet related and the
old-fashioned stealing of reports and
copying of files to a flash drive
Data breach related exercises are a key
focus of attendees as well as
differentiating IT related response plans
from incorporating breach response into
crisis management plans
Tracking threats
How does this affect us as BC
Professionals?
• Leverage crisis management and
crisis communications processes in
response
• Facilitate adoption of strategies
related to data privacy and
protection
# 2 Data Breaches
Ranked 3rd were unplanned IT outages,
which ranked second in 2015
Still a top 10 issue and area of key focus in
most IT DR and BC programs
While most respondents see emerging
threats such as cyber and data breaches as
more impactful, IT outages are still a major
focus
Discussion among the DRJ attendees focused
on the changing face of IT, as software as a
service, cloud computing and outsourced IT
change the landscape and require differing
strategies, often outside of the organization’s
direct control
Tracking threats
How does this affect us as BC
Professionals?
• The evolution of IT services to
external providers moves control
outside our direct ability to
manage
• Coordination of recoveries
becomes more challenging across
providers
# 3 Unplanned IT outages
Moving from 10th in 2015 to 4th in
2016, Terrorism has re-emerged for
resilience and continuity
professionals
This increase may be attributed to
the recent terrorist attacks which
occurred during the survey period
Most participants acknowledged the
threat, and felt it was driving
attention to incident response and
crisis management plans, plus a focus
on tracking
Tracking threats
How does this affect us as BC
Professionals?
• Indirectly, recent events are
creating protectionist measures
impacting global operations and
trade (Brexit)
• Local or regional nature of events
creates access and credentialing
issues
# 4 Terrorism
Ranked 5th in the 2016 scan, which is
up from 6th in 2015
Adding to the puzzle we mentioned
earlier, along with cyber and data
breaches, Security is clearly an area
of concern for organizations
Part of the senior level discussions at
DRJ had to do with organizational
issues and placement of security vs
continuity and recovery in
organizations
Tracking threats
How does this affect us as BC
Professionals?
• Security events impact travel and
facility availability
• No issue with placing BC in Security,
as long as there is recognition that
more than response is needed;
business-aligned strategies are still necessary
# 5 Security Incident
During a discussion at DRJ Spring in Orlando, the review of the Horizon Scan
report drove numerous discussions regarding how different threats or
scenarios could lead to a disruption, including:
• Treat the business risk rather than focus on the case… but there are
exceptions
• The business environment can lead to business risk, not just traditional
threats such as natural and man-made disasters
The changing risk landscape
The Horizon Scan session at DRJ also led to discussions regarding owning versus contributing to risk mitigation.
– For example, does/should the BC professional “own” data breach-related mitigation?
– Alternatively, is there a role the BC professional can/should play when it comes to data breach mitigation – and
response?
Specific to many of the threats highlighted in the Horizon Scan report, and based on the contributions made by the DRJ Spring
senior professionals, “ownership” is often based on the threat or risk.
– But beyond ownership, the BC professional can also serve as a cross-functional facilitator, with the objective to
bring diverse skill sets together to mitigate risk to a level consistent with the organization’s risk appetite
The discussion regarding ownership also led to a discussion on competencies, and what the BC professional needs to know to
get involved in broader resiliency initiatives.
– Different from being an expert in all risk disciplines, the BC professional needs a familiarity with different types of
risks and where to go to seek assistance.
– More broadly, to be successful in managing or contributing to risk management, the BC professional needs a broad
understanding of the business (products/services, customers, processes and resources), as well as skills specific to
communications (oral/written), sales, and facilitation.
Risk mitigation ownership
Resilience – adaptive capacity of an organization in a complex and changing environment (ISO
22316)
• Business continuity is not the same as organizational resilience.
• The effective enhancement of organizational resilience will require a collaborative effort between many
management disciplines.
• No single management discipline can credibly claim ‘ownership’ of organizational resilience, and
organizational resilience cannot be described as a subset of another management discipline or
standard.
• Business continuity principles and practices are an essential contribution for an organization seeking to
develop and enhance effective resilience capabilities.
• The wide range of activities required to develop and enhance organizational resilience capabilities
provide an opportunity for business continuity practitioners to broaden their skills and knowledge,
building on the foundation of their business continuity experience and credentials.
BCI’s statement on resilience
Owner Facilitator Participant
It depends on the risk or threat
In the context of an ever-increasing focus on resilience and the engagement
of multiple disciplines, what’s the business continuity professional’s role?
The role of the BC Professional?
Back to the Horizon Scan
Where do we fit into resilience?
Responsibilities
• Increases the organization’s preparedness for disruptive incidents by
implementing capabilities to enable the continuation of product and
service delivery at acceptable predefined levels
• Collaborates with other disciplines to create a more resilient organization,
taking ownership of assigned risks and participating as a team member in
mitigating other risks
A proposed job description
Duties
• Engages management to establish appropriate business continuity
requirements
• Enables the selection of effective capabilities to respond to and recover from
disruptive incidents
• Leads the evaluation of response and recovery capabilities, as well as the
development of the competencies necessary to plan and respond effectively
• Implements the processes necessary to drive continual improvement and
manage the effects of organizational change
A proposed job description
A proposed job description
Business Continuity Analyst | Business Continuity Leader | Resilience Professional
Skills
• Oral and written communications
• Inquiry
• Project management
• Sales (including relationship building)
• Strategic and tactical thinking
• Management (in general)
• Facilitation techniques
Enablers
• Knowledge of the organization and its resources
• Knowledge of the organization’s products and services and customer usage
• Knowledge of other management and risk disciplines
• Threats are real and expanding, leading to increased business risk
• These changes are leading to changes in our profession
Business Continuity Analyst
Business Continuity Leader
Resilience Professional
• Our success will be based on our knowledge of the organization and its
business environment, including customers and their expectations
Summary
Join or connect with us today
@BCI_US_Chapter
BCI USA – The Business Continuity Institute US Chapter
www.thebci.org
membership@thebci.org

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 

BCI Guidelines, Horizon Scan and Business Continuity

  • 1. The BCI, Good Practice Guidelines, and Horizon Scan BCI US Chapter Christopher Rivera, MBCI
  • 2. • Business Continuity Institute background • Overview of BCI’s Good Practice Guidelines • Overview of Horizon Scan Agenda 11/28/2016 www.thebci.org 2
  • 4. • Founded in 1994, a Member-Owned, Not-for-Profit Professional Association of Business Continuity Professionals • A global membership and certifying organization for business continuity professionals • Over 8,000 members in more than 120 countries working in an estimated 3,000 organizations in the public and private sectors • We stand for excellence in the business continuity profession • Our certified grades provide unequivocal assurance of technical and professional competency What is the BCI? 11/28/2016 www.thebci.org 4
  • 5. • Professionals seeking international recognition of their professional and technical competency in the BC discipline • Individuals currently working in BC related functions who are seeking to improve their knowledge and understanding of the BC discipline • Individuals who are looking to benefit from being part of a global network of like-minded professionals to share good practice in BC and related disciplines • Newcomers to the discipline who are considering a career in BC or a related profession Who can be a member of the BCI? 11/28/2016 www.thebci.org 5
  • 6. BCI Chapters A global membership 11/28/2016 www.thebci.org 6 Membership by Region Asia Australasia Belgium / Netherlands Canada Japan Nordic SADC Swiss USA Africa (5%) Central America & West Indies (1%) North America (15%) Asia (9%) Europe (12%) South America (5%) Australia (7%) Middle East (4%) United Kingdom (42%)
  • 8. Overview of Good Practice Guidelines 11/28/2016 www.thebci.org 8
  • 9. A Guide to Global Good Practice in Business Continuity • The most comprehensive and independent view of current thinking in Business Continuity • Provides the what, why, how and when of good BC practice • Written by BC professionals for BC professionals • Used in training and examining individuals and organizations (our body of knowledge) • Aligned to ISO 22301 • Reference material for academic institutions The BCI Good Practice Guidelines 11/28/2016 www.thebci.org 9
  • 10. • BCI members can download a free PDF version from the Members’ Area of the BCI website • Non-members can purchase a PDF version from the BCI website at https://shop.thebci.org/shop/shop.php?sid=144 How can I get a copy of the GPG? 11/28/2016 www.thebci.org 10
  • 11. The Six Professional Practices 11/28/2016 www.thebci.org 11
  • 12. The capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. Source: ISO 22301:2012 The BCI’s Definition of Business Continuity 11/28/2016 www.thebci.org 12
  • 13. • Responsibilities of Top Management • Setting strategic objectives • Resources for business continuity • The importance of the BIA and a stronger link to the organization’s approach to risks and threats • Resource requirements, skills and competence of people involved • Training, awareness and communications • Document management • Exercising and testing • Monitoring performance and measuring value of business continuity GPG Alignment to ISO 22301? 11/28/2016 www.thebci.org 13
  • 14. Defines an organization’s policy relating to BC, how it will be implemented, controlled and validated through a BCM program • Setting BC Policy and determining the scope of the BCM program • Defining governance and assigning roles and responsibilities • Implementing a BCM program, managing documentation using program and project management techniques • Managing outsourced activities and supply chain continuity PP1 – Policy and Program Management 11/28/2016 www.thebci.org 18
  • 15. The BCM program operates at three levels • Strategic - decisions are made and policy is determined • Tactical - operations are coordinated and managed • Operational - activities are undertaken PP1 – Policy and Program Management 11/28/2016 www.thebci.org 19
  • 16. The Management Professional Practice that continually seeks to integrate BC into day-to-day business activities and organizational culture • Organizational Culture • Skills and Competence • Managing a Training Program • Managing an Awareness Campaign PP2 – Embedding Business Continuity 11/28/2016 www.thebci.org 20
  • 17. Reviews and assesses an organization in terms of what its objectives are, how it functions and the constraints of the environment in which it operates • Business Impact Analysis (BIA) • Threat Analysis (includes risk assessment) PP3 – Analysis 11/28/2016 www.thebci.org 21
  • 18. Identifies and selects appropriate strategies and tactics • Continuity and Recovery Strategies and Tactics • Threat (Risk) Mitigation Measures • Incident Response Structure PP4 – Design 11/28/2016 www.thebci.org 22
  • 19. Executes the agreed-upon strategies and tactics through the process of developing plan documentation • Business continuity plans • Developing and managing plans at a strategic, tactical and operational level PP5 – Implementation 11/28/2016 www.thebci.org 23
  • 20. Confirms the BCM program meets objectives set in the BC Policy and that plans are fit for purpose • Developing an exercise program • Developing and running exercises • Maintenance of the BCM program • Review of the BCM program PP6 – Validation 11/28/2016 www.thebci.org 24
  • 21. How does the GPG work in the real-world 11/28/2016 www.thebci.org 25 (columns: Problem, Description, GPG Solution)
      – Management engagement: “My steering committee isn’t coming to meetings anymore or they’ve delegated their role.” GPG Solution: PP1 – Policy and Program Management
      – Participation: “The VP from Department X assigned his administrative assistant as his group’s planner.” GPG Solution: PP2 – Embedding Business Continuity
      – Focus: “We have 1000 plans in our software tool… but we’re not sure we’re recovering what truly matters.” GPG Solution: PP3 – Analysis
      – Proactive vs Reactive (and scope): “We seemed to be laser focused on reacting to events. Shouldn’t we be equally focused on preventing disruption in the first place? Also, when it comes to being reactive, is it strange we seem to be predominantly focused on IT?” GPG Solution: PP4 – Design
      – Templates vs plans: “No one seems to use the plans we’ve documented. And why would they all read the same, almost as if they’re templates!” GPG Solution: PP5 – Implementation
      – Measurement: “We have 1000 plans, all updated in the last 12 months… but we’re not sure if we’re actually ready for a disaster.” GPG Solution: PP6 – Validation
  • 22. BCI Horizon Scan 11/28/2016 www.thebci.org 26
  • 23. • The goal of the BCI has been to promote a more resilient world • When the Institute celebrated its 20th anniversary in 2014, the focus was not on our past achievements but our vision of the future • From that vision emerged the BCI 20/20 Think Tank, a worldwide group of thought leaders with a passion to drive the profession forward BCI Horizon Scan 11/28/2016 www.thebci.org 27
  • 24. BCI 20/20 – two focal points 11/28/2016 www.thebci.org 28 Advisory • Help in shaping the profession • Developing career opportunities for those who have chosen to pursue this field Advocacy • Raise the profile and value of business continuity and resilience • Build the value of resilience into organizational strategies • As professionals learn more and more about the threats and translate those threats into business risks – which includes how to work with senior executives to manage these risks – the real and perceived value of our efforts will only increase
  • 25. Issues concerning the BCI in 2016 11/28/2016 www.thebci.org 30 Excerpt from BCI Horizon Scan Report 2016
  • 26. A 2016 study of threats and business risks by insurer Allianz confirms management is in line with the evolving threats that we, as business continuity professionals, are facing – which is good news for executive sponsorship Business risks mirror BC concerns 11/28/2016 www.thebci.org 31 Excerpt from Allianz Risk Barometer Top Business Risks 2016
  • 27. As a key protective discipline, business continuity ensures organizational resilience by building an effective response to disruptive events. Horizon scanning is a useful tool that can provide an objective perspective on threats and uncertainties that may lead to business disruption. These conclusions inform – or even confirm – strategies undertaken by organizations to prepare for disruption. Introduction to Horizon Scanning 11/28/2016 www.thebci.org 32
  • 28. Cyber attacks (85%), data breach (80%) and unplanned IT outages (77%) remain the top three threats facing organizations, with data breaches moving into second place in 2016 The use of the Internet for malicious attacks (83%), growing influence of social media (63%) and the loss of a key employee (56%) are the top three trends Investment levels for BC are up for more organizations (23% from 18%) with more businesses using ISO 22301 as a framework for BCM implementation (52% from 44%) Horizon Scan Report 2016 headlines 11/28/2016 www.thebci.org 33
  • 29. Top 10 threats worldwide 11/28/2016 www.thebci.org 34 Excerpt from BCI Horizon Scan Report 2016
  • 30. Investment trends in business continuity 35 Excerpt from BCI Horizon Scan Report 2016
  • 31. Top 10 based on level of concern 11/28/2016 www.thebci.org 36 Excerpt from BCI Horizon Scan Report 2016
  • 32. Top 5 trends and uncertainties 37 Excerpt from BCI Horizon Scan Report 2016
  • 33. Ranked 1st were Cyber Attacks in both 2016 and 2015, which were ranked third in 2013 and second in 2014 (not surprising given all the incidents we hear about almost daily) Most DRJ attendees agreed this was and is a major concern and acknowledged the close association with Data Breach, Terrorism and Security, increasing the relevance of this threat Tracking threats 11/28/2016 www.thebci.org 38 How does this affect us as BC Professionals? • Recognition that this threat has IT availability and even business continuity implications • Leverage crisis management and crisis communications processes in response # 1 Cyber Threats
  • 34. Ranked 2nd were data breaches, which ranked third in 2015 DRJ discussion surrounded the fact that data breaches come in many forms, both cyber / internet related as well as the old-fashioned stealing of reports and copying files to a flash drive Data breach related exercises are a key focus of attendees as well as differentiating IT related response plans from incorporating breach response into crisis management plans Tracking threats 11/28/2016 www.thebci.org 39 How does this affect us as BC Professionals? • Leverage crisis management and crisis communications processes in response • Facilitate adoption of strategies related to data privacy and protection # 2 Data Breaches
  • 35. Ranked 3rd were unplanned IT outages, which ranked second in 2015 Still a top 10 issue and area of key focus in most IT DR and BC programs While most respondents see emerging threats such as cyber and data breaches as more impactful, IT outages are still a major focus Discussion among the DRJ attendees focused on the changing face of IT, as software as a service, cloud computing and outsourced IT change the landscape and require differing strategies, often outside of the organization’s direct control Tracking threats 11/28/2016 www.thebci.org 40 How does this affect us as BC Professionals? • The evolution of IT services to external providers moves control outside our direct ability to manage • Coordination of recoveries becomes more challenging across providers # 3 Unplanned IT outages
  • 36. Moving from 10th in 2015 to 4th in 2016, Terrorism has re-emerged for resilience and continuity professionals This increase may be attributed to the recent terrorist attacks which occurred during the survey period Most participants acknowledged the threat, and felt it was driving attention to incident response and crisis management plans, plus a focus on tracking Tracking threats 11/28/2016 www.thebci.org 41 How does this affect us as BC Professionals? • Indirectly, recent events are creating protectionist measures impacting global operations and trade (Brexit) • Local or regional nature of events creates access and credentialing issues # 4 Terrorism
  • 37. Ranked 5th in the 2016 scan, which is up from 6th in 2015 Adding to the puzzle we mentioned earlier, along with cyber and data breaches, Security is clearly an area of concern for organizations Part of the senior level discussions at DRJ had to do with organizational issues and placement of security vs continuity and recovery in organizations Tracking threats 11/28/2016 www.thebci.org 42 How does this affect us as BC Professionals? • Security events impact travel and facility availability • No issues of placing BC in Security as long as there is a recognition of more than response, business-aligned strategies still necessary # 5 Security Incident
  • 38. During a discussion at DRJ Spring in Orlando, the review of the Horizon Scan report drove numerous discussions regarding how different threats or scenarios could lead to a disruption, including: • Treat the business risk rather than focus on the case… but there are exceptions • The business environment can lead to business risk, not just traditional threats such as natural and man-made disasters 11/28/2016 www.thebci.org 43 The changing risk landscape
  • 39. The Horizon Scan session discussion at DRJ also led to discussions regarding owning versus contributing to risk mitigation. – For example, does/should the BC professional “own” data breach-related mitigation? – Alternatively, is there a role the BC professional can/should play when it comes to data breach mitigation – and response? Specific to many of the threats highlighted in the Horizon Scan report, and based on the contributions made by the DRJ Spring senior professionals, “ownership” is often based on the threat or risk. – But beyond ownership, the BC professional can also serve as a cross-functional facilitator, with the objective to bring diverse skill sets together to mitigate risk to a level consistent with the organization’s risk appetite The discussion regarding ownership also led to a discussion on competencies, and what the BC professional needs to know to get involved in broader resiliency initiatives. – Different from being an expert in all risk disciplines, the BC professional needs a familiarity with different types of risks and where to go to seek assistance. – More broadly, to be successful in managing or contributing to risk management, the BC professional needs a broad understanding of the business (products/services, customers, processes and resources), as well as skills specific to communications (oral/written), sales, and facilitation. 11/28/2016 www.thebci.org 44 Risk mitigation ownership
  • 40. Resilience – adaptive capacity of an organization in a complex and changing environment (ISO 22316) • Business continuity is not the same as organizational resilience. • The effective enhancement of organizational resilience will require a collaborative effort between many management disciplines. • No single management discipline can credibly claim ‘ownership’ of organizational resilience, and organizational resilience cannot be described as a subset of another management discipline or standard. • Business continuity principles and practices are an essential contribution for an organization seeking to develop and enhance effective resilience capabilities. • The wide range of activities required to develop and enhance organizational resilience capabilities provide an opportunity for business continuity practitioners to broaden their skills and knowledge, building on the foundation of their business continuity experience and credentials. BCI’s statement on resilience 45
  • 41. Owner Facilitator Participant It depends on the risk or threat In the context of an ever-increasing focus on resilience and the engagement of multiple disciplines, what’s the business continuity professional’s role? The role of the BC Professional? 46
  • 42. Back to the Horizon Scan 47
  • 43. Where do we fit into resilience? 48
  • 44. Responsibilities • Increases the organization’s preparedness for disruptive incidents by implementing capabilities to enable the continuation of product and service delivery at acceptable predefined levels • Collaborates with other disciplines to create a more resilient organization, taking ownership of assigned risks and participating as a team member in mitigating other risks A proposed job description 49
  • 45. Duties • Engages management to establish appropriate business continuity requirements • Enables the selection of effective capabilities to respond to and recover from disruptive incidents • Leads the evaluation of response and recovery capabilities, as well as the development of the competencies necessary to plan and respond effectively • Implements the processes necessary to drive continual improvement and manage the effects of organizational change A proposed job description 50
  • 46. A proposed job description 51 Business Continuity Analyst Business Continuity Leader Resilience Professional Skills • Oral and written communications • Inquiry • Project management • Sales (including relationship building) • Strategic and tactical thinking • Management (in general) • Facilitation techniques Enablers • Knowledge of the organization and its resources • Knowledge of the organization’s products and services and customer usage • Knowledge of other management and risk disciplines
  • 47. • Threats are real and expanding, leading to increased business risk • These changes are leading to changes in our profession Business Continuity Analyst Business Continuity Leader Resilience Professional • Our success will be based on our knowledge of the organization and its business environment, including customers and their expectations Summary 11/28/2016 www.thebci.org 52
  • 48. Join or connect with us today @BCI_US_Chapter BCI USA – The Business Continuity Institute US Chapter www.thebci.org membership@thebci.org