The document discusses how to measure business resiliency through defining key performance indicators (KPIs) and key risk indicators (KRIs). It recommends establishing a business resiliency scorecard to track the maturity of business continuity management programs, risk versus loss metrics, and the level of protection against business requirements. The scorecard framework focuses on methods for gathering data and integrating it with the IT infrastructure landscape in order to control the alignment between business continuity plans and business operations.
I hope this introductory presentation to ITIL v3 Foundation exam will be very useful to the readers. The time one needs to spend on study depends upon one's experience with ITIL related practices in real world. Nonetheless, it is very simple study, but the exam questions may be trickier than expectation. So, focus on learning ITIL concepts rather than adding ITIL certificate to your resume.
References for the slides used from:
http://taruu.com/Documents/ITIL%20v3%20Foundation%20Study%20Guide%20v4.2.2.5.pdf
The Art of Service – ITIL v3 Foundation Complete Certification Kit (book and online course)
Skillport - IT Infrastructure Library (ITIL) v3 Foundation Syllabus v4.2 exam
Every organization needs to adapt to the ever-changing business environment. Sensing this need, we have come up with these content-ready change management PowerPoint presentation slides. These change management PPT templates will help you deal with any kind of an organizational change. Be it with people, goals or processes. The business solutions incorporated here will help you identify the organizational structure, create vision for change, implement strategies, identify resistance and risk, manage cost of change, get feedback and evaluation, and much more. With the help of various change management tools and techniques illustrated in this presentation design, you can achieve the desired business outcomes. This business transition PowerPoint design also covers certain related topics such as change model, transformation strategy, change readiness, change control, project management and business process. By implementing the change control methods mentioned in the presentation, you will be able to have a smooth transition in an organization. So, without waiting much, download our extensively researched change management framework presentation. With our Change Management Presentation slides, understand the need for change and plan to go through it without any hassles.
I hope this introductory presentation to ITIL v3 Foundation exam will be very useful to the readers. The time one needs to spend on study depends upon one's experience with ITIL related practices in real world. Nonetheless, it is very simple study, but the exam questions may be trickier than expectation. So, focus on learning ITIL concepts rather than adding ITIL certificate to your resume.
References for the slides used from:
http://taruu.com/Documents/ITIL%20v3%20Foundation%20Study%20Guide%20v4.2.2.5.pdf
The Art of Service – ITIL v3 Foundation Complete Certification Kit (book and online course)
Skillport - IT Infrastructure Library (ITIL) v3 Foundation Syllabus v4.2 exam
Every organization needs to adapt to the ever-changing business environment. Sensing this need, we have come up with these content-ready change management PowerPoint presentation slides. These change management PPT templates will help you deal with any kind of an organizational change. Be it with people, goals or processes. The business solutions incorporated here will help you identify the organizational structure, create vision for change, implement strategies, identify resistance and risk, manage cost of change, get feedback and evaluation, and much more. With the help of various change management tools and techniques illustrated in this presentation design, you can achieve the desired business outcomes. This business transition PowerPoint design also covers certain related topics such as change model, transformation strategy, change readiness, change control, project management and business process. By implementing the change control methods mentioned in the presentation, you will be able to have a smooth transition in an organization. So, without waiting much, download our extensively researched change management framework presentation. With our Change Management Presentation slides, understand the need for change and plan to go through it without any hassles.
Approach to improve effectiveness of Enterprise ITEvgeny Nedelko
(translated to English) Excerpts from the customer proposal, which describes the experience of implementing Lean IT principles in several projects in Russia
Service based / modeled IT operations demands that Infrastructure needs are catered to with minimal disruptions and loss of user experience. Demand and capacity management for a critical cog in IT / service design to ensure that the service / infrastructure is fully available to users through its lifecycle
This file was presented by me during the study circle meeting at the Mangalore Branch of Southern India Regional Council of the Institute of Chartered Accountants of India.
PPM Challenge #1: Prioritizing Demand – 2012 PPM Challenge and Opportunity We...EPM Live
2012 is quickly approaching and many organizations are preparing their portfolio strategies for the New Year. EPM Live recently partnered with Gartner in sponsoring the 2011 Gartner Symposium ITxpo. This week, Gartner published some of the key takeaways from the event and among them were a list of challenges that we as PPM supporters should look out for in 2012. The good news is ….with every challenge there is opportunity! Please join EPM Live as we lead you through a 4 part webinar series that focuses on these common Project Management challenges and leave you with the Enterprise Project management tools you need to create opportunity across your organization as you tackle these challenges one by one.
Challenge: Have you ever been asked to accomplish more than your technology and resources could handle? Prioritizing demand is not an easy task when there are many factors to consider: strategic objectives, benefits, risk factors and so on.
Opportunity: Join EPM Live as we walk you through the critical steps that must be taken to prioritize your 2012 Project Portfolio Management while taking into consideration the environmental factors that play a role in affecting the outcome. Find out how you can plan the most profitable portfolio for your organization while meeting all of your strategic goals. A profitable portfolio leads to a profitable business. Topics Include:
- Project and Work Requests
- Project and Work Definition
- Portfolio Capacity Planning
- Portfolio What-if Modeling
- Portfolio Selection
Project organisation and erp implementation methodGaurav Kumar
The Project Organization defines the human infrastructure of the project. This task is designed to define the project organization chart, the roles, and the relationships of the project team. The organizational structure clearly identifies roles and responsibilities of each position, augmenting the existing role definitions where necessary to cover all of the responsibilities. The Project Organization technique that is used in this step provides a standard set of roles and responsibilities which can be customized for a particular project. This should cover all personnel resources required, both full and part time.
How can service transition support very rapid change in a modern IT environment?
This presentation considers the impact of cloud services and Agile, initiatives like DevOps and supporting technologies such as continual integration and continual deployment, and how can you integrate them into your IT service management practices?
You can listen to a recording of Stuart Rance and David Wheable delivering this presentation at https://www.brighttalk.com/webcast/534/95253
Introduction to itil v3/ITSM Processes and FunctionsPrasad Deshpande
IT service Management ITIL v3 Processes and Functions ranging from ITIL Life cycle, Incident, Problem and Change Management, Service Desk, Application Management
Cloudbyz PPM - Integrated Enterprise PPM, ALM and APM on force.com cloudPoornima N
Cloudbyz IT portfolio management solution is built on force.com cloud platform. Solution covers project portfolio Management(PPM), Application Life Cycle Management (ALM) and Application Portfolio Management(APM).
Business Process Management PowerPoint Presentation Slides SlideTeam
If you are planning to create a stunning presentation to showcase the concept of business process management, then we recommend you download, our ready to use business process management PowerPoint presentation slides. Our content ready presentation will save your time and efforts. With the help of this predesigned business operations management PPT presentation, you will be able to represent the numerous techniques to discover, model, examine, measure, refine, optimize, and automate organization processes. This business quality improvement presentation PPT has been designed using a slide on various essential subtopics such as introduction, functional area overview, ERP system architecture, task categories of ERP systems, ERP project progress, implementation process overview, planning and selection phase, implementation phase, enterprise resource planning funnel, tuning of concept, situational analysis-basic target concept, software selection process, and software selection criteria. It also covers a template on software selection criteria, realization and implements, v model for implementation of ERP system, tips for selecting ERP system, ERP criteria list-technical requirement, and ERP implementation-selection phase. Do not delay, quickly download these predesigned business project management presentation slides. Bring down the amount of friction existing with our Business Process Management PowerPoint Presentation Slides. Halt the further build up of differences.
Approach to improve effectiveness of Enterprise ITEvgeny Nedelko
(translated to English) Excerpts from the customer proposal, which describes the experience of implementing Lean IT principles in several projects in Russia
Service based / modeled IT operations demands that Infrastructure needs are catered to with minimal disruptions and loss of user experience. Demand and capacity management for a critical cog in IT / service design to ensure that the service / infrastructure is fully available to users through its lifecycle
This file was presented by me during the study circle meeting at the Mangalore Branch of Southern India Regional Council of the Institute of Chartered Accountants of India.
PPM Challenge #1: Prioritizing Demand – 2012 PPM Challenge and Opportunity We...EPM Live
2012 is quickly approaching and many organizations are preparing their portfolio strategies for the New Year. EPM Live recently partnered with Gartner in sponsoring the 2011 Gartner Symposium ITxpo. This week, Gartner published some of the key takeaways from the event and among them were a list of challenges that we as PPM supporters should look out for in 2012. The good news is ….with every challenge there is opportunity! Please join EPM Live as we lead you through a 4 part webinar series that focuses on these common Project Management challenges and leave you with the Enterprise Project management tools you need to create opportunity across your organization as you tackle these challenges one by one.
Challenge: Have you ever been asked to accomplish more than your technology and resources could handle? Prioritizing demand is not an easy task when there are many factors to consider: strategic objectives, benefits, risk factors and so on.
Opportunity: Join EPM Live as we walk you through the critical steps that must be taken to prioritize your 2012 Project Portfolio Management while taking into consideration the environmental factors that play a role in affecting the outcome. Find out how you can plan the most profitable portfolio for your organization while meeting all of your strategic goals. A profitable portfolio leads to a profitable business. Topics Include:
- Project and Work Requests
- Project and Work Definition
- Portfolio Capacity Planning
- Portfolio What-if Modeling
- Portfolio Selection
Project organisation and erp implementation methodGaurav Kumar
The Project Organization defines the human infrastructure of the project. This task is designed to define the project organization chart, the roles, and the relationships of the project team. The organizational structure clearly identifies roles and responsibilities of each position, augmenting the existing role definitions where necessary to cover all of the responsibilities. The Project Organization technique that is used in this step provides a standard set of roles and responsibilities which can be customized for a particular project. This should cover all personnel resources required, both full and part time.
How can service transition support very rapid change in a modern IT environment?
This presentation considers the impact of cloud services and Agile, initiatives like DevOps and supporting technologies such as continual integration and continual deployment, and how can you integrate them into your IT service management practices?
You can listen to a recording of Stuart Rance and David Wheable delivering this presentation at https://www.brighttalk.com/webcast/534/95253
Introduction to itil v3/ITSM Processes and FunctionsPrasad Deshpande
IT service Management ITIL v3 Processes and Functions ranging from ITIL Life cycle, Incident, Problem and Change Management, Service Desk, Application Management
Cloudbyz PPM - Integrated Enterprise PPM, ALM and APM on force.com cloudPoornima N
Cloudbyz IT portfolio management solution is built on force.com cloud platform. Solution covers project portfolio Management(PPM), Application Life Cycle Management (ALM) and Application Portfolio Management(APM).
Business Process Management PowerPoint Presentation Slides SlideTeam
If you are planning to create a stunning presentation to showcase the concept of business process management, then we recommend you download, our ready to use business process management PowerPoint presentation slides. Our content ready presentation will save your time and efforts. With the help of this predesigned business operations management PPT presentation, you will be able to represent the numerous techniques to discover, model, examine, measure, refine, optimize, and automate organization processes. This business quality improvement presentation PPT has been designed using a slide on various essential subtopics such as introduction, functional area overview, ERP system architecture, task categories of ERP systems, ERP project progress, implementation process overview, planning and selection phase, implementation phase, enterprise resource planning funnel, tuning of concept, situational analysis-basic target concept, software selection process, and software selection criteria. It also covers a template on software selection criteria, realization and implements, v model for implementation of ERP system, tips for selecting ERP system, ERP criteria list-technical requirement, and ERP implementation-selection phase. Do not delay, quickly download these predesigned business project management presentation slides. Bring down the amount of friction existing with our Business Process Management PowerPoint Presentation Slides. Halt the further build up of differences.
What is SaaS vs Open Source | Open Source CMS (Content Management System) vs ...ClickTecs
If you are reading this, you have probably come to a crossroad while building a website or an online application. Is it better to use a SaaS platform or is it better to use an Open Source Platform? That is the question? The answer to this dilemma will hopefully be determined below.
In this post, we define ‘Platforms’, ‘CMS’, ‘SaaS’ and ‘Open Source’, and we will break down the pros and cons of Software as a Service when compared to the pros and cons of an Open Source Content Management Systems.
The ex-governor of a high security jail where three prison officers were stabbed by a triple murderer said today he felt "let down, dismayed and humiliated" after a jury cleared the inmate of all charges.
Do you have what it takes to successfully lead change in your organization? This session features a discussion on leadership in the context of organizational change and the attributes of leaders that successfully lead change within their organizations.
You will learn:
How to Define Agents of Change
The Importance of Change/Change Agents
The Attributes of Leaders/Change Agents
Environments that Foster Innovation
Finding/Developing Leaders of Change
Here you will find a concise round-up of Ireland's financial services sector, as well as key stats such as the unemployment rate, inflation and house prices.
This presentation was given at GRC Conference in Boston (October 2010) and explains the importance of measuring performance for real value. It goes into the world of metrics and balanced scorecards
Microsoft Business Intelligence Performance Management Dan Bulos_2011Mark Ginnebaugh
Dan Bulos, President of Symmetry Corporation discusses how to use Analysis Services to create a robust dashboard and scorecard application.
You Will Learn:
* Why a PM application is unique and how to design a solution
* How to create a “Spine” of metrics and KPIs to integrate data and targets into a coherent data design
* About different scoring methodologies
* How to create a KPI scoring engine within SSAS
* How to explain performance using visualizations
Governance, Risk, and Compliance ServicesCapgemini
Capgemini’s integrated and centralized approach to Governance, Risk, and Compliance (GRC) breaks through traditional functional silos to deliver effective enterprise risk management and compliance as a continuous process. We help organizations manage a range of enterprise risks in the areas of IT, finance and accounting, operations, and regulatory compliance with flexible solutions comprised of a highly qualified CPA and CISA talent pool, innovative tools, and our unique collection of GPM best practice processes and controls.
Balance Sheet (Financial) ConsolidationDhiren Gala
There is always a challenge to close the accounting books quickly & publish the statutory balance sheets with profit and loss accounts statement or for that matter internal financial MIS for monthly quarterly or yearly. There are various challenges when there are group of companies, local subsidiaries, international subsidiaries, branches, strategic business units, sister concerns, joint ventures, merger, acquisitions, investment companies, SPV’s etc. data to be consolidated in single financial report.
CFO team is always under pressure to publish quarterly, half yearly and yearly statements based on Indian GAAP or US GAAP or IFRS or any other formats of publishing data. There are challenges to map and consolidate data from multiple entities, multiple accounting period and multiple currencies. Finance team lead by CFO works days and weeks on multiple spreadsheets to arrive a final statement. While doing this exercise finance team faces several challenges.
Technology can also be a barrier to close books faster. Companies that use desktop spreadsheets to manage their accounting, closing takes about 25% longer to get it done. If the company is still busy closing its books, it can and should do better. We help companies CLOSE YOUR BOOKS FASTER WITH ACCURACY AND EXTENSIVE ANALYTICS.
1KEY Financial Consolidation software is a complete data warehouse model with standard statutory reporting requirements for publishing financial statements and with extensive analytical reports. It provides financial managers the ability to rapidly close and report financial results, meet global regulatory requirements, reduce compliance costs and provide confidence in the numbers.
Accelerate closing cycle and improve the quality of data – remove the pain of consolidation of financial management & reporting cycle. Organizations that are able to close their books quickly & deliver faster & more accurate information can gain a competitive advantage in a rapidly changing market. Provide financial managers the ability to rapidly close & report financial results, meet global regulatory requirements, reduce compliance costs with trust in numbers.
CLOSE BOOKS – Faster | Error Free | with Extensive Analytics is the strategic and exclusive Financial Technologies event that presents the challenges, solutions for Financial Consolidation from industry thought leaders in an interactive knowledge-sharing environment.
BPM (Business Process Management) IntroductionIntegrify
An introduction to BPM for teams looking to improve business processes through business process management (BPM). This is an abridged version of the full BPM guide.
1. How to measure your
business resiliency
Define the KPI’s/KRI’s and scorecards to
control your security and business
continuity capabilities?
Krzysztof Pulkiewicz | BCMLogic
2. Abstract
Business Continuity Management is the process, not just a one-time
project activity. In order to control the alignment between the BC plans
and business as usual as well as synchronize the changes, it is required to
setup the scorecard based measurement process.
The set of KPI's and KRI's is aimed to visualize the maturity of BCM, risk vs.
lost metrics and level of protection mechanisms against the business
requirement.
I will present the business resiliency scorecard framework with special
focus on the methods of data gathering and integration with IT
infrastructure landscape.
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
3. Agenda
Why to measure?
What to measure?
How to gather data?
How to present results?
How to do it in practical way?
Key takeaways
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
4. KPI primer
KPI/KRI fundamentals
Key performance indicator(KPI) is a measure of performance, commonly used to help an organization
define and evaluate how successful it is, typically in terms of making progress towards its long-term
organizational goals.
Key Risk Indicators Measures are used to indicate how risky an activity is. KRI give us an early warning
to identify potential event that may harm continuity of the process
From row data to metrics A Key Performance Indicator
• Must be something that can be measured and
• Details raw information
continued to be measured
• Metrics are refined data
• Must be precise, meaningful and understandable
• KPIs are metrics with business-
• Must be relevant to the business
context
• May be required by legislation and/or Regulations
• Business context makes security
relevant. • Must have a measurement index that has meaning
• Should be tied to the organization’s vision and
strategy
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
5. Why to measure?
• You can control only the things you really cannot measure
• To understand the overall readiness level of your company
• To justify investment
• To plan and assess the risk based on the statistic and past experience
• Executives love metrics and dashboards. Always time-constrained, they ask for
metrics that can be reviewed at a glance
• Money talks - especially when you speak with your CFO
• C-level managers are used to percept from KPI’s- give it to them
• Justify your security investments based on the measurable objectives
• The KPIs can be used to help comply with legislative or regulatory
requirements
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
6. What to measure?
Recoverability Planning Compliance Technology BC project
Can our organization be Status and results of Regulatory and audit Project based reporting
planning activities point of view
recovered within our
tolerance for downtime?
• Incidents statistic • BIA overview • BCM Maturity • IT infrastructure • Milestones
• How did we react? • Risk assessment • Compliancy level • IT services SLA • Financial spent
• FTE effort
results • Risk assessment • Service Desk
• Processes covered results • Business RTO/RPO vs.
technology
by BCP capabilities
• Minimum
operational teams
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
7. BIA overview
Tactical view on the BIA requirements
• # of Department- Business Impact Analyses vs. Total Expected
• # of Department- Table Top Exercises Completed vs. Total Expected
• # of Supplier Business Continuity Assessments Completed vs. Total Number of “Critical” Suppliers
• Ten top processes (based on criticality score)
• Most critical assets
• RTO/RPO distribution
Example BIA dashboard
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
8. Tłumaczenie radar chart
BIA per business unit
Tactical view on the BIA requirements defined at the level of each business unit
• Financial impact over time
• Time wise
• One day stop
• Reputation impact
• Formal and Legal impact
• Number of scenarios affecting the business unit
• Required assets (MAC)
• Minimum operational team vs. total unit
headcount
Radar charts allows to visualize benchmarking
• Critical processes vs. all processes handled by
unit
Business Unit X Business Unit X
Criticality Business Process BIA Updated Plan Updated Tested Criticality Business Process Recovery Objective Recovery Capability Gap
(based on most recent test)
1 Call Center customer support Yes Yes Yes 1 Call Center customer support
4 hours 8 hours 4 hours
2 Accounts Payable Yes No No 2 Accounts Payable 2 hours 1 hour 1 hour
1 Liquidity managment No No No 1 Liquidity managment 2 days 2 days 0
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
9. BIA per business process
Criticality level defined for each process
• Prioritize the BC process list based on:
– Business impact when interrupted
– Vulnerability of underlying assets
– Risk level
• Benchmark criticality among different business units/ entities
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
10. Tłumaczenie + oryginalny wykres
Risk assessment
Defined scenarios are depicted based on the probability and impact
Przykładowe scenariusze: Przykładowe scenariusze/rozwiązania:
• •
High
Niedostępność budynku Centrali relokacja Awaria zasilania/agregaty
• Awaria IT- Disaster Recovery • Awaria łączy/redundantne linie telekomunikacyjne
PREVENTION ELIMINATION
TOLERANCE MONITORING
Impact
Przykładowe scenariusze: Przykładowe scenariusze
• Chwilowa przerwa w zasilaniu • Przeciążenia zasobów IT/ monitorujemy
• Okresowa absencja pracowników elementy systemów
High
Low Probability
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
11. Readiness level
No. BCM management objective Related example KPI
Proper crisis situation management (incident Number of reported incidents
1 management, start-up and implementation of
the recovery tasks) The ratio of the risk response plans for scenarios of potential threats
Number of incidents that were not closed before crossing the processes RTO that are related
to. Incidents can be divided into:
Eliminating the potential effects of process - incidents that concerned the processes associated with financial impact
2
interruption
- incidents that concerned the processes associated with reputation impact
- incidents that concerned the processes associated with law impact
Providing processes resume after the crisis
3 The ratio of recovery tasks completed successfully for all recovery tasks
situation
Number of performed BCM tests
The ratio of the number of BCM plan tests completed successfully for all BCM plan tests at this
Continuous development and improvement of
4 time
BCM
Number of risk which probability or potential impact was reduced after implementation BCM
corrective tasks
To report the progress of BCP project:
• How many process have contingency measures
• How many scenarios are planned
• How many solutions tested
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
12. IT services management
Monitor and visualize critical service conditions
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
13. Example KPIs
Typical examples of BC KPIs that can be included in a BC Policy Document:
• Level of disruption response/recovery time
• Time to detect disruptions
• Time to trigger action to disruption events
• Time to complete recovery action
• Time to declare `business as usual'
• Level of business continuity testing/exercising/audit
• Level of service delivery and quality acknowledgement by clients?
• Level of knowledge of business continuity awareness/acceptance/culture
• Level of availability and/or knowledge of alternative fall-back to critical resources
(human/ technical/ location)
• Level of effectiveness of Service level agreements
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
14. Effectiveness of Investment
• KPIs can be used to measure the Effectiveness of Investment (EOI)
• A Return on Investment (ROI) for business continuity is difficult to measure since risk, and
especially risk reduction, is challenging to quantify in terms of money
• The Effectiveness of Investment (EOI) could be the comparison of the effectiveness of the
resiliency measures with the value of the investment
• Proper KPI/KRI reporting may also provide a financial institution the ability to reduce the
percentage of reserve required to offset operational risk defined by the Basel II, Solvency
High Cost
Equilibrium
Loss
Risk
Low Protection High
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
15. How to gather data?
Methods
• Retrieve information from IT systems
– Data base interface (direct or ETL)
– API
• Gather information from people
– Automated forms workflow (reporting)
Sources
• Service Desk system (incidents, time to resolve)
• IT infrastructure monitoring (alerts, up/downtime,
service level)
• BPM (process effectiveness)
• PMO (project reporting)
• Call Center
• People (line managers)
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
16. How to visualize?
The reporting mechanism must support three purposes
• Highlight or alert whether business expected targets are being not met
• Provide trending and an overview of performance indicators
• Provide details that pinpoint which areas within each performance indicator require
actions
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
17. KPI reporting audience
Each audience may require different information and different presentation
Value at Risk
• The level of aggregation and
C-level Complikancy level or abstraction required may
BC scope and cost vary considerably
• You may not want to talk
Business continuity events about number of backup site
Managers workstations to the Chairman
of the Board!
IT service availability
Business E2E process SLA • Don’t assume that the higher
units Customer service level the level, the simpler the
Customer service downtime presentation
IT infrastructure failures
IT MTTR RTO /RPO
DR testing
Critical services incidents
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
18. How to do it in practical way?
• Define 10-15 (smart) KPI
• Identify the KPI stakeholders (RACI)
• Understand where information resist
• Leverage the available data to link the KPIs to other
• key operational metrics that include both technology
• and process metrics
• Integrate with other systems and applications
• Use existing reporting capabilities to establish periodical reporting
• You can use MS Excel or one of the specialized tools
• Share the information across the organization
• Make the KPIs actionable
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
19. KPI reporting mistakes
• Lack of management commitment
• Measuring too much, too soon
• Measuring too little, too late
• Measuring the wrong things
• Imprecise KPI definitions
• Using KPI data to evaluate individuals
• Using KPI to motivate, rather than to understand
• Collecting data that is not used
• Lack of communication and training
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com
20. Key takeaways
1. Define measurable objectives of the security process
2. Utilize existing data sources
3. Learn from the past
4. Align the results presentation to the audience
5. KPIs can be used to help comply with legislative or regulatory requirements
Platforma Zarządzania Ciągłością Działania BCMLogic | www.bcmlogic.com