This document provides an overview of business continuity planning, outlining why it is important for organizations to plan for disruptions, what a business continuity plan entails such as identifying critical functions and risks, developing strategies and response plans, and exercising those plans. It also discusses how Manitoba Infrastructure implements business continuity planning through establishing incident response teams, conducting risk assessments and business impact analyses, and developing continuity strategies and plans for individual departments and the province.
For every organization, effective cybersecurity is reliant on a careful deployment of technology, processes and people. The Global Knowledge cybersecurity perspective features a three-tiered organizational matrix, ranging from foundational to expert skills, coupled with eight functional specializations that encompass the features of a successful cybersecurity organization.
Cybersecurity isn’t a one-person job—it’s dependent on several different factors within an organization. This webinar will show you how to build a strong cyber defense by focusing on:
• The characteristics of winning cybersecurity teams
• The Crown – Organizational map and career progression
• The Castle – The eight functional specializations
• Architecture and data policy
• Data loss prevention
• Governance, risk and compliance
• Identity and access management
• Incident response and forensic analysis
• Penetration testing
• Secure DevOps
• Secure software development
• Building a winning cybersecurity organization
Successful leaders and managers are always keen to expect the unexpected and plan for it. the More you plan is the less you react, and the less you react, the less you make mistakes.
Disruptions to your business can result in data risk, revenue loss, and Failure to deliver services
That’s why organizations need strong business continuity planning.
Understanding the NIST Risk Management Framework: 800-37 Rev. 2Denise Tawwab
Denise Tawwab's presentation on "Understanding the NIST Risk Management Framework" given at the Techno Security & Digital Forensics Conference on June 3, 2019 in Myrtle Beach, SC.
Distributed Immutable Ephemeral - New Paradigms for the Next Era of SecuritySounil Yu
We are rapidly approaching the next era of security where we need to be focused on the ability to recover from irrecoverable attacks. This can also be defined as resiliency. The traditional view of resiliency attempts to quickly restore assets that support services that we care about. This new approach/paradigm looks at resilience in ways that promote design patterns (distributed, immutable, ephemeral) where we do not care about a given asset at all while still keeping the overall service functioning. This new approach allows us to avoid having to deal with security at all.
For every organization, effective cybersecurity is reliant on a careful deployment of technology, processes and people. The Global Knowledge cybersecurity perspective features a three-tiered organizational matrix, ranging from foundational to expert skills, coupled with eight functional specializations that encompass the features of a successful cybersecurity organization.
Cybersecurity isn’t a one-person job—it’s dependent on several different factors within an organization. This webinar will show you how to build a strong cyber defense by focusing on:
• The characteristics of winning cybersecurity teams
• The Crown – Organizational map and career progression
• The Castle – The eight functional specializations
• Architecture and data policy
• Data loss prevention
• Governance, risk and compliance
• Identity and access management
• Incident response and forensic analysis
• Penetration testing
• Secure DevOps
• Secure software development
• Building a winning cybersecurity organization
Successful leaders and managers are always keen to expect the unexpected and plan for it. the More you plan is the less you react, and the less you react, the less you make mistakes.
Disruptions to your business can result in data risk, revenue loss, and Failure to deliver services
That’s why organizations need strong business continuity planning.
Understanding the NIST Risk Management Framework: 800-37 Rev. 2Denise Tawwab
Denise Tawwab's presentation on "Understanding the NIST Risk Management Framework" given at the Techno Security & Digital Forensics Conference on June 3, 2019 in Myrtle Beach, SC.
Distributed Immutable Ephemeral - New Paradigms for the Next Era of SecuritySounil Yu
We are rapidly approaching the next era of security where we need to be focused on the ability to recover from irrecoverable attacks. This can also be defined as resiliency. The traditional view of resiliency attempts to quickly restore assets that support services that we care about. This new approach/paradigm looks at resilience in ways that promote design patterns (distributed, immutable, ephemeral) where we do not care about a given asset at all while still keeping the overall service functioning. This new approach allows us to avoid having to deal with security at all.
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
This is an update to the Cyber Defense Matrix briefing given at the 2019 RSA Conference. Cybersecurity practitioners can use this to organize vendors, find gaps in security portfolios, understand how to organize security measurements, prioritize investments, minimize business impact, visualize attack surfaces, align other existing frameworks, and gain a fuller understanding of the entire space of cybersecurity.
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
Information technology experts can now take advantage of How To Handle Cybersecurity Risk PowerPoint Presentation Slides. This information security PPT theme infuses top-quality design with data obtained by industry experts. Explain the present situation of the target firm’s information security management employing this PowerPoint layout. The data visualizations featured here simplify the elucidation of complex data such as the analysis of the current IT department. Showcase the cybersecurity framework roadmap and risks of the internet using our PPT presentation. Elaborate on the cybersecurity risk management action plan using the tabular format via this PowerPoint slideshow. Demonstrate the cybersecurity contingency plan with appreciable ease. Our information security management system PPT templates deck assists you in assigning risk handling responsibilities to the staff. Explain the duties of the management in successful information security governance. This PowerPoint presentation also addresses the cost of cybersecurity management and staff training. Hit the download icon and start personalization. Our How To Handle Cybersecurity Risk PowerPoint Presentation Slides are explicit and effective. They combine clarity and concise expression. https://bit.ly/3o0xDkR
Enterprise Security Architecture was initially targeted to address two problems
1- System complexity
2- Inadequate business alignment
Resulting into More Cost, Less Value
Consider a logical cross reference or grouping for Cybersecurity Framework subcategories. This could make an assessment easier and more meaningful.
The Cybersecurity Framework identifies categories and subcategories of practice, processes, and activities to be used in a cyber security assessment. But, categories often house unrelated subcategories and subcategories are dependent on other subcategories across various categories.
The cyber security job is everyone's business including the Board of Directors, even without a cyber security degree. Recent cyber security news proves that. According to several studies, Boards are getting it wrong and are leaving cyber awareness and risk management in the hands of the CEO, CISO, CTOs and cyber security companies. In a sense they are abdicating their responsibility to the shareholders. This slideshare proposes 7 questions every board should be asking their company executives abour IT security. They're not necessarily all encompassing and don't take the place of real cybersecurity training, but will drive the discussion to better and more complete understanding of strategic risk. Questions cover the basics of cyber security training, cyber policies, who briefs and when at board meetings. Thanks.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
This is an update to the Cyber Defense Matrix briefing given at the 2019 RSA Conference. Cybersecurity practitioners can use this to organize vendors, find gaps in security portfolios, understand how to organize security measurements, prioritize investments, minimize business impact, visualize attack surfaces, align other existing frameworks, and gain a fuller understanding of the entire space of cybersecurity.
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
Information technology experts can now take advantage of How To Handle Cybersecurity Risk PowerPoint Presentation Slides. This information security PPT theme infuses top-quality design with data obtained by industry experts. Explain the present situation of the target firm’s information security management employing this PowerPoint layout. The data visualizations featured here simplify the elucidation of complex data such as the analysis of the current IT department. Showcase the cybersecurity framework roadmap and risks of the internet using our PPT presentation. Elaborate on the cybersecurity risk management action plan using the tabular format via this PowerPoint slideshow. Demonstrate the cybersecurity contingency plan with appreciable ease. Our information security management system PPT templates deck assists you in assigning risk handling responsibilities to the staff. Explain the duties of the management in successful information security governance. This PowerPoint presentation also addresses the cost of cybersecurity management and staff training. Hit the download icon and start personalization. Our How To Handle Cybersecurity Risk PowerPoint Presentation Slides are explicit and effective. They combine clarity and concise expression. https://bit.ly/3o0xDkR
Enterprise Security Architecture was initially targeted to address two problems
1- System complexity
2- Inadequate business alignment
Resulting into More Cost, Less Value
Consider a logical cross reference or grouping for Cybersecurity Framework subcategories. This could make an assessment easier and more meaningful.
The Cybersecurity Framework identifies categories and subcategories of practice, processes, and activities to be used in a cyber security assessment. But, categories often house unrelated subcategories and subcategories are dependent on other subcategories across various categories.
The cyber security job is everyone's business including the Board of Directors, even without a cyber security degree. Recent cyber security news proves that. According to several studies, Boards are getting it wrong and are leaving cyber awareness and risk management in the hands of the CEO, CISO, CTOs and cyber security companies. In a sense they are abdicating their responsibility to the shareholders. This slideshare proposes 7 questions every board should be asking their company executives abour IT security. They're not necessarily all encompassing and don't take the place of real cybersecurity training, but will drive the discussion to better and more complete understanding of strategic risk. Questions cover the basics of cyber security training, cyber policies, who briefs and when at board meetings. Thanks.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Analyzing Your Organization’s Risk...
In order to develop a Business Continuity Plan a thorough understanding of your organizational needs and critical
processes is required - This process is known as a Business Impact Analysis:
This involves:-
Knowing your critical activities, the effect of those activities being disrupted and the priority for recovery
of those activities; and
Knowing what events could disrupt your critical activities and lead to a failure of your organisation.
How to select the best business continuity strategy and solution?PECB
This webinar covers underlying principles for the selection of a Business Continuity solution and the tiers of Business Continuity. Within these segments we will analyze different tiers and strategies, from Rebuilt and restoration strategy to mirror site. Also, a list of BCM strategy considerations related to business trends and emerging technologies will be provided.
Main points covered:
• The underlying principles for the selection of a Business Continuity solution and the tiers of Business Continuity
• Analyze different tiers and strategies
• BCM strategy considerations related to business trends
Presenter:
The webinar was presented by Silvana Tomic Rotim. She has 20 years of rich work experience in the development and delivery of business and ICT consulting services for public and private sector. She has more than 15 years of experience in leading, coordinating and managing of different consulting project teams in more than 50 consulting projects
Link of the recorded webinar published on YouTube: https://youtu.be/F79enht3IEY
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)PECB
We will cover:
• Importance of Business Impact Analysis (BIA)
• What does new standard ISO 22317 cover?
• Elaborating ISO 22317
Presenter:
This session will be hosted by our partner Dr. Wolfgang H. Mahr, M.Sc., MBCI, the Managing Director of governance & continuity gmbh with more than 20 years of experience.
The webinar will cover why we should document the BCMS plan and how it can be done.
Main points covered:
· Why do we need to document
· What is included in the documentation
· How is the documentation used
Presenter:
Barbro Thöyrä, MBA., holds certificates in ISO 22301 Master and Lead Auditor, ICT Disaster Recovery Manager, ISO 28000 Provisional Implementer, PECB Certified Outsourcing Manager and DRI Risk Management. She is an approved PECB and DRI trainer and BCI Instructor.
She has several years of experience as an IT manager, product manager and subject matter expert in BCMS. She has worked as a senior consultant, project management, IT architect, wrote manuals and developed services within BCMS and CRM. Furthermore, she is a trainer in IT and BCMS and carried out several international BCMS and IT projects as an expert and project manager.
Link of the webinar published on YouTube: https://youtu.be/q3Jr9k-tbic
10 Critical Aspects of IT Service Continuity to Protect Your Company's Digita...Jesse Andrew
Watch the webinar: http://go.italerting.com/pink-elephant-it-service-continuity
Life is never certain or predictable, however it seems like every other week we hear of some devastating natural disaster, massive security breach or major man-made crisis flooding the airwaves and going viral on social media. So much so that It almost seems that the unpredictable has become common place and the rare occurrence our weekly update.
Based on this new global reality and the business dependence on digital automation it is more crucial than ever for businesses to take up the old Boy Scout motto, "Be Prepared". In this informative webinar Troy DuMoulin, VP of Research and Development at Pink Elephant and Vincent Geffray, Senior Director of Product Marketing at Everbridge provide an overview and practical guidance on the critical governance, management capabilities and plans for dealing with the un-expected in a digital and data dependent world.
DNS Entrepreneurship Center
Cairo, April 2015
Registry Best Practices Workshop
Website : http://www.dnsec.eg/
Facebook : https://www.facebook.com/dns.entrepreneurship.center
Twitter :- https://twitter.com/DNS_EC
Great training tool and resource available through the Justice Institute of British Columbia. They can customize it with your own logo and emergency plan specifications. Contact Darren Blackburn through LInkedIn.
“You can download this product from SlideTeam.net”
Showcase the process by which an organization deals with a disruptive and unexpected event using the Crisis Management PowerPoint Presentation Slides. Discuss the potential threats such as loss in sales, customer dissatisfaction, decrease in customer loyalty, increased overall expenses, tarnished reputation, and their impact on the firm’s overall performance. Take the assistance of our content-ready emergency management PowerPoint slide deck and highlight the methods used by the organization to deal with these threats. Discuss the purpose of the crisis management plan such as to minimize losses, to undertake the rescue operations, to ensure the security and safety of staff and visitors, etc. Make strategic decisions in order to reduce response time and provide guidance to the rest of the organization by taking the help of these crisis management planning PPT visuals. Highlight the steps to create the crisis management plan with the help of business continuity planning PowerPoint slideshow. Therefore, download our professionally designed contingency planning PowerPoint slide design and ensure that the organization is appropriately prepared for a crisis. https://bit.ly/31Oy8cj
Disaster Recovery and Business Continuity Training : Tonex TrainingBryan Len
Disaster Recovery and Business Continuity Training course causes you comprehend an assortment of subjects in disaster recovery and business continuity, for example, prologue to disaster recovery, idea of disasters, prologue to business continuity, disaster recovery handling designs, hazard the board procedures, office assurance amid disaster recovery period, information/framework recovery, occurrence reaction and open administration impact in disaster recovery plan.
Audience:
The disaster recovery and business continuity training is a 2-day course designed for:
All individuals who need to understand the concept of disaster recovery and business continuity.
IT professionals in information security and disaster recovery
Cyber security professionals & security analysts.
Security operation personnel, network administrators, system integrators and security consultants
Security traders to understand the software security of web system, mobile devices, or other devices.
Investors and contractors in security system industry.
Technicians, operators, and maintenance personnel who are or will be working on cyber security projects
Managers, accountants, and executives in cyber security.
Training Objectives:
Upon completion of the disaster recovery and business continuity training course, the attendees are able to:
Implement a business continuity management plan
Perform the business impact analysis
Understand the main concept of disaster recovery and identify the different types of disasters
Understand the vulnerabilities in information security
Recognize the vital data to preserve the data security.
Understand the concept of risk, modeling techniques.
Coordinate and response to an incident in computer network
Describe a system recovery and backup plan .
Perform the data recovery plans after any disasters.
Preserve the main facilities of a cyber-world against disasters
Conduct risk management techniques to a cyber system.
Training Outline:
The disaster recovery and business continuity training course consists of the following lessons, which can be revised and tailored to the client’s need:
Introduction to Disaster Recovery
Introduction to Disasters
Business Continuity Introduction
Disaster Recovery Planning Process
Business Continuity Management
Risk Management in Disaster Recovery Plan
Incident Response
Testing, and Improving Business Continuity Provisions
Facility Protection in Disaster Recovery Plan
Data Recovery
System Recovery and Backup
Incident Response
Hands-on and In-Class Activities
Sample Workshops Labs for Disaster Recovery and Business Continuity Training
Request more information. Visit Tonex Training website link below
https://www.tonex.com/training-courses/disaster-recovery-and-business-continuity-training/
3. WHY BUSINESS CONTINUITY?
Every organization remains vulnerable and at risk from
business disruptions caused by natural and man-made
hazards...
o Floods, tornadoes, blizzards, fires, typhoons, earthquakes
o Accidents
o Sabotage
o Infectious disease outbreaks
o Personnel shortages
o Labour strife
o Transportation, safety and service sector failures
o Environmental disasters
o Cyber terrorism
4. WHY BUSINESS CONTINUITY?
o Regardless of type, size or composition, every
organization – public, private or third sector – needs
a business disruption plan
o The Manitoba Emergency Measures Act (including
amendments) mandates Business Continuity
Planning (BCP) for all government departments,
crowns and government funded organizations
5. WHAT IS BUSINESS CONTINUITY?
o Business Continuity is a proactive and ongoing planning
and improvement process undertaken to ensure that
mission-critical functions, and services, are delivered at
pre-determined levels during any kind of significant
business disruption
o BCP is an internationally standardized professional
approach to risk mitigation, risk management, emergency
preparedness and incident response
o BCP is also known as Operational Risk in the larger
Enterprise Risk Management framework
6. ENTERPRISE RISK & BUSINESS CONTINUITY
HAZARD OPERATIONAL
STRATEGICFINANCIAL
• Personnel
• Property
• Loss Exposure
• Hazard Assessments
• Legal
• Market
• Credit
• Price
• Liquidity
• ICT Systems
• Staffing
• Business Processes
• Critical Functions
• Infrastructure
A.K.A. Business Continuity
• Economy
• Political Environment
• Business Strategy
• Demographic Shifts
ORGANIZATION
7. Larry Stevenson
Safety & Risk Control
Jodi MacDonald
Business Continuity
• ICT Systems
• Infrastructure
• Safe Work
• Critical Functions
Chris Sahaidak
Claims & Risk Control
Rob Starodub
Supportive Employment
•Personnel
• Property
• Loss Exposure
• Hazard
Assessments
• Legal
OSHRM – RISK MANAGEMENT & BCP
HAZARD OPERATIONAL
STRATEGICFINANCIAL
• Market
• Credit
• Price
• Liquidity
• Economy
• Political Environment
• Business Strategy
• Demographic Shifts
MIT
8. WHAT IS IN A BCP?
Identification of Critical Functions and Services
o Mission Critical in MIT = Recovery Time in 8 hours or less
Risk Assessment
o Identification of hazards, risk exposures and vulnerabilities
o Results help response team focus on required resources
Business Impact Analysis (BIA)
o Identification of criticality and required resources to maintain a
minimum operating level
o Identification of supply chain dependencies and specialized concerns
Strategy and Plan
o How your response team will handle the incident
Training and Exercising
o Ensuring staff know their response role
o Exercising the plan on a continual basis for response improvement
9. HOW DOES MIT & OSHRM DO BCP?
o OSHRM BCP Specialist meets with managers of established and known critical
functions
o An introduction and overview of BCP is offered
o Pre-read and preparatory information is sent to an established Incident
Response team
o Meetings are scheduled to complete a facilitated BCP Risk Assessment with
the Incident Response team
o Results are reviewed and recommendations offered
o Further meetings occur to complete the Business Impact Analysis (BIA)
template
o Results are reviewed and improvements noted, where necessary
o Incident Response team meets to determine, and document, their continuity
strategy and plan
o Once completed, BCP Specialist assists with final plan completion
o Plan exercise and review is scheduled with the Incident Response team
months later
10. BCP IS A
PROCESS
NOT A
PRODUCT
BCP FRAMEWORK & PROCESS
Lead &
Establish
Accountability
Communicate
& Report
Align &
Integrate
Allocate
Resources
ASSEMBLE TEAM
IDENTIFY CRITICAL
FUNCTIONS
COMPLETE
RISK ASSESSMENT
COMPLETE
BUSINESS IMPACT
ANALYSIS (BIA)
COMPLETE
BCP STRATEGY
COMPLETE
BCP PLAN
EXERCISE &
REVIEW BCP
FRAMEWORK PROCESS&
12. GOM BUSINESS CONTINUITY
o Incident Response Teams (Business Units/ Functional Areas)
o BCP Coordinators (Departments)
o Provincial BCP Coordinator (EMO)
o BCP Coordinator Steering Committee
o Terms of Reference for GOM service environment
o BCP Courses, Training and Certification
o Deputy Minister Committee on Emergency Management and
Public Safety
o BCP Subcommittee
o BCP 24 Month Planning Cycle
13. IDENTIFYING FUNCTIONS
o Engage your BCP Coordinator to discuss...
o Nature of the work
o Meeting strategy and expected outcomes
o Resources and steps in completing the BCP
o Assemble your Response Team
o Discuss the functions of your branch/ service
o Distinguish between activities and functions
o Discuss risk, exposure and vulnerability
o Determine the criticality of functions
o Consider the impact of non-operative functions
14. RISK ASSESSMENT
o Identify the hazards, risks and vulnerabilities to
your business functions
o Risk Exposure: Discuss and assess both the;
o Probability (Likelihood) x Impact (Consequence)
o Prioritize risks and implement risk measures
o Risk mitigation, avoidance, treatment, transfer, etc.
o Document (map) the risk exposures
o Use the Risk Assessment for the BIA discussion
17. GROUP EXERCISE
Quiz – Business Continuity Planning in Government
o Two competing teams will now complete the
Business Continuity in Government Quiz, comprised
of True and False questions
o Scores will be shared at the end of the presentation
o Could be some good prizes
20 minutes
18. BUSINESS IMPACT ANALYSIS (BIA)
For Critical Function(s)...
o Identify a Normal Operating Standard
o Identify a Minimum Operating Standard
o Prioritize functions by Recovery Time Objective (RTO)*
o Determine impacts if critical function(s) not available
o Determine resource requirements necessary for the
continuity of function(s) during a disruption
o Identify critical supply chain dependencies and ‘single
points of failure’
* RTO also known as Maximum Allowable Down Time
19. BCP STRATEGY
o Plan with your response team how you will manage a
disruption to your critical function(s)
o Discuss and document risk mitigation, preparedness,
response and recovery strategies
o Ensure that your response strategies are time-based
o Use your completed Risk Assessments and BIAs for a
more informed discussion
o Develop viable strategic options for your response team
o Recognize the possible realities of available resources,
dependencies and critical supply chain concerns
o Identify any single points of failure
20. BUSINESS CONTINUITY PLAN
o Assemble your Risk Assessment, your BIAs and your Strategy
approach into one concise BCP
o Attach all relevant documents (contact lists, reference
documents, etc.)
o Distribute physical and e-copies of your BCP to all response
team members and relevant stakeholders
o As required by legislation, submit a copy of your BCP to your
BCP Coordinator
o Set a review and plan exercise date with the BCP Coordinator
o Absolutely never create an unwieldy binder of nonsense
...Plans are nothing – planning is everything...
21. BCP EXERCISE & REVIEW
Exercise your BCP to...
o Prepare for the inevitability of a real disruption
o ‘Skill up’ your staff who have a response role
o Know exactly what to do, when and with whom
o Determine and address planning gaps
o Update plan and contact information
o Re-examine business processes, where
appropriate
o Meet legislative and departmental obligation
22. BCP INCIDENT MANAGEMENT
•Conduct Impact Assessment
•Determine Immediate Actions
•Alert Incident Response Team
Are Critical
Functions
Operational?
•Maintain Operations
•Initiate Incident Recovery
•Debrief
•Complete Gap Analysis
YES
NO
•Convene Incident Response Team
•Activate BCP
•Alert MIT BCP Lead
•Begin Incident Command (IC)
•Re-assess Situation
Minimum
Operating
Standard
Achieved?
YESNO
•IC Alerts All Executive Staff and
Stakeholders
•Departmental Resources Assembled
•EMO Notified
•Incident Command Expands
•Departmental Response Coordinated
•Actions Undertaken to Achieve MOS
POTENTIAL
CRISIS
INCIDENT
SCOPE - FUNCTIONAL AREA
_____________________________
SCOPE - DEPARTMENTAL/ GOM
23. MIT CRITICAL FUNCTIONS/ SERVICES
DIVISIONAL AREA CRITICAL FUNCTION/ SERVICE
ACCOMMODATION SERVICES (IN TRANSITION) Facility Operations
Space Planning
ADMINISTRATIVE SERVICES Financial Services
Information Technology
BOARDS AND COMMITTEES Highway Traffic & Motor Transport
Medical Review
Licence Suspension Appeal
EMERGENCY MEASURES & PROTECTIVE SERVICES (EMPS) EMO - Coordination of Emergency Response
Protective Services
ENGINEERING AND OPERATIONS Road Operations
NAMO
MOTOR CARRIER & TRANSPORTATION POLICY Motor Carrier Enforcement
SUPPLY AND SERVICES (IN TRANSITION) VEMA
Government Air Services
MDA
WATER CONTROL AND STRUCTURES Hydrologic Forecasting
Flood Operations
24. BCP RESOURCES
Resources
o OSHRM SharePoint
http://cserv.internal/sites/mit-org/oshrm/bc/SitePages/Home.aspx
o Emergency Measures Organization (EMO)
http://www.gov.mb.ca/emo/
o Disaster Recovery Institute (DRI)
http://www.dri.ca/index.php
o Winnipeg Emergency Preparedness Program
http://winnipeg.ca/epp/
o Public Safety Canada
http://www.publicsafety.gc.ca/index-eng.aspx
o Government of Canada – Emergency Preparedness Guide
http://www.getprepared.gc.ca/cnt/rsrcs/pblctns/yprprdnssgd/index-
eng.aspx
25. REMEMBER
A properly developed, maintained and exercised
Business Continuity Plan will help you...
o Reduce the risk and impact of business disruptions
o Respond more effectively to the disruption event
o Return to normal more quickly after a disruption
o Improve responder skills sets and competencies
o Be more responsive to emerging risks and vulnerabilities
26. GROUP EXERCISE
Continuity Event
o Discuss the scenario before you at your tables
o Determine the possible risk mitigation, preparedness,
response and recovery options for this scenario
o Document your results
o Appoint a spokesperson to share your results with all
30 minutes
27. GROUP EXERCISE
Business Continuity
o Discuss the scenario before you at your tables
o Each team has been assigned to assist Air Services to
develop their continuity plan
o Discuss;
o Possible Risk Mitigation and Assessment actions
o What are the critical services?
o People, process and things Air Services requires for their BCP
o Share results with the room
30 minutes