Business Continuity and Supply Vulnerabilities
The leading nonprofit that helps organizations around the world prepare for and recover from disasters.
We provide education, accreditation, and thought leadership in business continuity and related fields.
Truly International
• DRI has Certified Professionals in over 100 countries
• DRI conducts training courses in over 50 countries
• Since 2009, DRI taught more students outside the United States than within
• DRI has over 13,000 active certified professionals (more than all other organizations in our industry combined)
• Since 1988, more than 26,000 individuals have held a DRI certification
• DRI International conducts training and certifies individuals in 10 languages.
International Government Collaboration
APEC: Only officially recognized business continuity certification
DRI Canada is a member of the Technical Committee for the CSA Z1600 Standard
Japan: Joint Declaration on overcoming future crises with municipal governments
Singapore: Exclusive training partner for Singapore Business Federation
Malaysia: Annual DRI conference with the Ministry of Science, Technology and Innovation
UAE: Member of Standards Committee Advisory Team
Europe: Presented at the Interparliamentary Center for Parliamentary Studies (Belgium) and the IDRC (Davos, Switzerland)
United States:
  Chair, Alfred P. Sloan Committee to draft the Framework for Preparedness that is the foundation for the Title IX Implementation.
  Member, U.S. Chamber of Commerce Homeland Security Task Force
  Member, Council of Experts for ANSI-ANAB
  Member, FEMA National Advisory Council Private Sector Subcommittee
  Member, Advisory Committee for Congressionally funded Project for National Security Reform
  Advisor, Special Assistant to The President for Homeland Security Standards Policy
Nigeria: Participate in regular embassy drills
Mexico: National standards advisor
Conferences
• DRI2014 (Atlanta, United States)
• DRI2013 (Philadelphia, United States)
• DRI2012 (New Orleans, United States)
• KL2013, KL2014 (Kuala Lumpur, Malaysia)
• Business Continuity Forum (Istanbul, Turkey)
• “Knowledge Grows by Sharing” (Hyderabad and Bangalore, India)
• Urban Security Event (Rome, Italy)
• Crisis and Emergency Management Conference (Abu Dhabi, United Arab Emirates)
• Business Continuity Forum (Doha, Qatar)
• PwC International BCM Conference (San Juan, Costa Rica)
• Global Risk Forum (Davos, Switzerland)
• The State of The Art of Business Continuity and Disaster Recovery; ISACA: True Risk Management – The Road to Convergence (Singapore)
• DRI Day (Sao Paulo, Brazil)
• Low Carbon Earth Summit (Qingdao, China)
• Congreso BCM y ERM (Mexico City, Mexico)
• The Role of the Central Bank and BCM (Manila, Philippines)
• Congreso ALCONT (Medellin, Colombia)
• Japan Signatory to Mutual Aid Agreement; Japan BCM Conference: BCM Essentials and BCM Trends (Tokyo, Japan)
• BCM Conference (Beijing, China)
• NYU Intercep Global Risk Forum (New York, United States)
• Mid-Maryland ACP Meeting (Maryland, United States)
• Leadership for Peace and Prosperity Conference (San Diego, United States)
• ACP Liberty Valley Meeting (Pennsylvania, United States)
• Great Lakes Business Recovery Group (Michigan, United States)
• RIMS PERK Presentation (Kansas City, KS)
United Nations Collaboration
DRI is representing the private sector to the Disaster Management Terminology Committee for the United Nations Office of Disaster Risk Reduction
Research conducted in partnership with the European Commission
DRI’s International Glossary for Resiliency is a source document
DRI is hosting a Public Forum in conjunction with the launch of the Hyogo Framework for Action 2
Will launch on the anniversary of the Great Eastern Earthquake and Fukushima disaster
Bottom line: Your voice is being heard by global policymakers
DRI International is only The largest non-academic
institution to receive chapter status
Recognition from the Academic Community
MyDRI Resources
• Project Initiation and Management
• Risk Evaluation and Control
• Business Impact Analysis
• Developing Business Continuity Strategies
• Emergency Response and Operations
• Plan Implementation and Documentation
• Awareness and Training Programs
• Plan Exercise, Audit and Maintenance
• Crisis Communications
• Coordination with External Agencies
DRI International is an ANSI-Accredited Standards Development Organization
Most Used Standard for BCM
The Most Used Standard in the World
BC Management 2013
Doubled the Number of Certified Professionals Worldwide
Tripled the Number of Certified Professionals Outside the US – Now Accounts for 40%
Introducing DRI International Collegiate Conferences
• One-day conference in conjunction with an Institution of Higher Learning
• Admission - $50 Tax-Deductible donation to the DRI Foundation
• Includes all meals and materials
• A Chance for Everyone to Attend a Conference
• Minimal Cost
• More Venues
• A Chance for Professionals and Academics to Meet
Collegiate Conference Schedule
• April 10, 2015: University of Maryland Smith School of Business, Oak Ridge, Maryland
• July 10, 2015: Dominican College, San Francisco, California
• October 23, 2015: Centennial College, Ontario, Canada
• January 25, 2016: St. John’s University, New York, New York
• Registration is Limited: Register Now at www.drii.org
DRI Foundation Scholarship
• To help pay for rising education costs
• $5,000 for a high school senior
• Parent or legal guardian must be a Certified Professional in good standing
• Applications available at www.driif.org
• Available March 9, 2015
• Applications due May 1, 2015
Helping Nonprofit Professional Organizations
◦ DRI is NOT a Membership Organization
◦ We rely on professional nonprofit organizations for:
  ◦ Disseminating and sharing information
  ◦ Networking
  ◦ Furthering the Profession
◦ Professional Non-Profit Organizations:
  ◦ Financial Challenges
  ◦ Membership Building
Helping Nonprofit Professional Organizations
◦ Double our Financial Commitment
◦ We changed our CEAP formula:
  ◦ Certified Professionals will receive more CEAPs for:
    ◦ Professional NPO Events, Meetings, Conferences
    ◦ Presentations, Articles
◦ Our aim is to help them:
  ◦ Increase membership and commercial sponsorship
◦ Meeting with Organizations to Tell Us How DRI Can Help
Charitable Giving and Volunteerism
Vision
• Resilient communities worldwide
Mission
• To promote disaster risk reduction through partnership and education
• To aid recovery efforts through fundraising and volunteerism
A Look at Supply Chain Issues
Challenges
• Supply Chain: From Albuquerque to Sendai & Beyond
• Cyber Threats: Extending Supply Chain Scope
• Insurance Risk Transfer: Real ROI
Supply Chain: From Albuquerque to Sendai & Beyond
Supply Chain
Supply Chain - Manufacturing
Supply Chain - Order to Cash
• Sales Order Processing
• Billing
• Customer Order
• Service Delivery
• Customer Invoice
• Customer Service
• Payment
Supply Chain
• Procurement and Strategic Sourcing
• Inventory Planning and Management
• Customer Service and Support
• Physical Distribution
• Transportation Management
10 Minute Fire in Albuquerque Philips Microchip Plant
Nokia vs. Ericsson -- March 17, 2000
Pre Fire Ranking
– Nokia (32%)
– Motorola (22%)
– Ericsson (12%)
On July 20, 2000, Ericsson reported that the fire and component shortages had caused a second-quarter operating loss of $200 million in its mobile phone division. Total loss $400 million.
Post Fire Ranking
– Nokia shipments grew by 10.5 percent over the previous year, to 140 million units.
– Motorola shipments dropped by 1.7 percent to 59 million units.
– Siemens shipments grew by 10.2 percent to 30 million units.
– Samsung shipments grew by 36.8 percent to 28 million units.
– Ericsson shipments dropped by 35 percent to 27 million units.
Why Nokia Gained and Ericsson Lost
Preparation - Nokia
• Considered solutions before event occurred
• Understood the need
• Implemented recovery at other Philips plants
Wishful Thinking - Ericsson
• Believed early reports of little damage and interruption
• Smart people will find a solution
Once Burned: Better BCM Means More Reliable Suppliers
Business Interruption and Recovery Plan
Supplier will provide Motorola with a detailed, written business interruption and recovery plan, including business impact and risk assessment, crisis management, information technology disaster recovery, and business continuity. Supplier will update the plan annually. Supplier will notify Motorola in writing within twenty-four (24) hours of any activation of the plan.
Motorola Corp 2002
Japanese Impact Upon Supply Chain
• GM shuts down for lack of supplies
• Chrysler – Ford no Red Black Pigments
• Apple iPad2 Backorder
• Chip shortage
• Chip increased prices
• Case Polishing
Japan as a Supplier
Changing Direction
Moving More Production Off Shore
Some 70 per cent of domestic manufacturers expect at least one partner in their supply chains to speed up relocation efforts overseas, a trade ministry poll showed, accelerating a nearly two decade-long migration of Japanese manufacturing capability overseas.
"Relocating is on the table for many executives. If a key supplier or partner moves, that could trigger a large exodus," said Shuzo Takada, director of the ministry's industrial revitalisation division.
Changing Direction
Moving More Production Off Shore
• Renesas Electronics plans to increase offshore production from 8% to 25%
• Fujitsu plans to shift more chip output to a factory in China
• Hoya is planning its first overseas plant in China
Off Shore Back Up
• Mitsui Mining & Smelting, which supplies 90 percent of the ultra-thin copper foil used in smartphones, is building a backup production line in Malaysia.
Japanese Firms Plan to Set Up Backup Production Bases in Taiwan
• The two Japanese firms, one a semiconductor-equipment maker and the other an electronic chemical material supplier, plan to make investments totaling NT$600 million in value.
Mapping Risk in Supply Chain
Emerging Supply Chain Risks
Risk & Insurance Magazine
Cyber Threats Extending Supply Chain Scope
The Risks Increase
• Natural Disasters
• Man-Made Incidents
• Technology Failure
The Risks Increase
• Pandemics
• Nuclear, Biological, Chemical
• Political
• Economic
• Cyber
The Risks Increase
valuewalk.com
Hackmageddon.com
The Changing Face of Hackers
Cyber Crimes In The News
U.S. notified 3,000 companies in 2013 about cyberattacks
The New Attacks – Easy
Source of Attacks
◦ Find a trusted source (third party vendor)
◦ One with less than adequate security – phish, hack
◦ Steal credentials
◦ Gain entry to Target POS
◦ Test the hack
◦ Spread to rest of POS system – live Credit/Debit card info
◦ Upload (FTP) data to innocent servers in Miami and Brazil
◦ Data winds up in Russia and Eastern Europe
SUPPLY CHAIN WEAKNESS AFFECTED CUSTOMER
CREATED POTENTIAL LEGAL LIABILITY
More Pressure to Perform Due Diligence on Supply Chain
New Regulations to Ensure Vendor Security
• HIPAA: Omnibus Rules – Vendor Due Diligence
• FFIEC: Third-Party Providers, Key Suppliers, and Business Partners; Cybersecurity Assessment Pilot Program
• OCC: Third Party Relationships
• FINRA: Assessing how firms manage cybersecurity threats
• PCI: Credit Card Processing (Outsourcing cloud services provider, hosted call-center, IT services firm, disaster recovery location, document storage company)
BULLETIN 2013-29
A bank should adopt risk management processes commensurate with the level of risk and complexity of its third-party relationships.
A bank should ensure comprehensive risk management and oversight of third-party relationships involving critical activities.
An effective risk management process throughout the life cycle of the relationship includes
◦ plans that outline the bank’s strategy, identify the inherent risks of the activity, and detail how the bank selects, assesses, and oversees the third party.
◦ proper due diligence in selecting a third party.
◦ written contracts that outline the rights and responsibilities of all parties.
◦ ongoing monitoring of the third party’s activities and performance.
◦ contingency plans for terminating the relationship in an effective manner.
◦ clear roles and responsibilities for overseeing and managing the relationship and risk management process.
◦ documentation and reporting that facilitates oversight, accountability, monitoring, and risk management.
◦ independent reviews that allow bank management to determine that the bank’s process aligns with its strategy and effectively manages risks.
OCC
The OCC charters, regulates, and supervises all national banks and federal savings associations as well as federal branches and agencies of foreign banks. The OCC is an independent bureau of the U.S. Department of the Treasury.
Mission
To ensure that national banks and federal savings associations operate in a safe and sound manner, provide fair access to financial services, treat customers fairly, and comply with applicable laws and regulation.
HIPAA – Business Associates – Concerned with ePHI
Table columns: Focus Area / Change Required / Internal
Focus Area: Existing Agreements With Business Associate Addenda
Change Required:
• All Covered Entities must review their existing vendor relationships and affiliations to determine whether any relationship meets the new Business Associate Criteria.
• All Business Associates must review their existing subcontractor arrangements for compliance purposes.
Internal:
• Inventory all existing contracts and identify all signed Business Associate Addenda and/or subcontractor agreements.
• Review contracts signed prior to January 25, 2013 and determine end date for compliance as per transitional rule.
Focus Area: Existing Relationships without Business Associate Addenda
Change Required:
• Identify Vendors and/or affiliates or affiliation relationships which involve access or disclosure of PHI and which do not have documented BA addenda.
• RHIO relationships must include a Business Associate Addendum.
• A parent or affiliate which provides quality assurance or other functions involving access or review of PHI must have a Business Associate Addendum in place.
• Vendors who provide PHI to patients must have a Business Associate Addendum in place.
• Other entities, such as document storage and/or disposal vendors must have a Business Associate Addendum in place.
Internal:
• Conduct a risk assessment of all vendor relationships to identify those that may fall within the new regulatory definitions.
• Do not overlook corporate relationships with affiliates which do not involve the exchange of information for treatment purposes.
• For individuals employed by vendors or affiliates but who may fall within a covered entity’s or Business Associate’s “work force”, assure proper designation and training.
Focus Area: Hybrid Entities
Change Required:
• Hybrid Entities that perform multiple functions and roles (such as operating a hospital and university) must now include any Business Associate functions under the health care component of its operations subject to the new rules.
Internal:
• Review internal designations of health component for any Hybrid Entity.
• Assure direct compliance with HIPAA/HITECH as to Business Associate functions carried out by organization.
HIPAA
And One for the US Government
FISMA (Federal Information Security Management Act)
Federal Highway Administration bid solicitation
◦ Security assessment: formal evaluation of control environment (annual)
◦ Plan of action: plan to mitigate assessment findings (quarterly)
◦ System security plan: documentation of all controls (annual)
◦ Security categorization: impact level of each system (annual)
◦ System contingency plan: documentation of redundancy (annual)
◦ Security policy and workforce training records (annual)
◦ Interconnection agreements from sub-contractors (annual)
Government Contract Lost
Oct 10, 2014, 7:01am EDT
Dayton Business Journal
It seems that being the victim of a data breach could lead to companies losing government contracts, according to a report by the Washington Business Journal. The Office of Personnel Management’s decision not to renew two contracts with US Investigations Services LLC might have set a precedent for how government handles contractor breaches, according to the report.
As a reminder, in July 2014, USIS was hit by a cyber attack that reportedly affected 25,000 government employees. USIS suspected it to be "state-sponsored." The government quickly suspended work with USIS and then opted to drop its contracts with the company.
Robert Nichols, a lawyer specializing in government contracts at D.C. firm Covington & Burling LLP, says the lost contracts could place higher demands on contractors in securing their work with government data, according to Federal Computer Week.
For this reason alone, government contractors must have adequate system protections in place to keep data safe.
Finally
We Waited 12 Years for This?
Enough Defense – Some Offense
Insurance – Risk Transfer
Real ROI
BCM PROCESS
MAJOR STEPS: BUSINESS IMPACT ANALYSIS, STRATEGY SELECTION, PLAN PREPARATION, TESTING & MAINTENANCE
BUSINESS IMPACT ANALYSIS
ACTIONS
1. Develop BIA questionnaire using Senior Management’s recovery objectives
2. Conduct BIA workshop with Business Representatives
3. Distribute BIAs and receive completed forms from Business Representatives
4. Review BIA Questionnaires
5. Conduct follow-up interviews with Business Unit Representatives
DOCUMENTATION & PARTICIPANTS
1. BIA Kickoff Presentation
2. BIA Questionnaire
Participants: BCP Leader, Business Unit Representatives
STRATEGY SELECTION
ACTIONS
1. Identify and document resource requirements based on BIAs
2. Conduct gap analysis to determine gaps between recovery requirements and current capabilities
3. Explore facility options
4. Define strategy options
5. Select strategy
DOCUMENTATION & PARTICIPANTS
1. Summary of BIAs
2. Gap Analysis Report
3. Relocation Strategy
Participants: Senior Management, BCP Leader, Business Unit Representatives
PLAN PREPARATION
ACTIONS
1. Link/Update Plan Model throughout BCP Process with gathered information
2. Develop Relocation Plans
3. Validate complete plan
DOCUMENTATION & PARTICIPANTS
1. Plan Model
2. Relocation Procedures
3. Workaround Procedures
4. Data Restore Procedures
5. IT procedures
Participants: Senior Management, BCP Leader, Business Unit Representatives
TESTING & MAINTENANCE
ACTIONS
1. Develop testing and maintenance requirements
2. Train Associates to create awareness of the BCP Model & individual roles
3. Plan for walk through testing
4. Conduct tests and document test results
5. Update BCP Plan to incorporate lessons learned from testing
DOCUMENTATION & PARTICIPANTS
1. Test Scenario
2. Pre-Test Checklist
3. Test Monitoring Procedures
4. Test Review Report
Participants: Senior Management, BCP Leader, Business Unit Representatives, and Third Party Observers
RISK TRANSFER - INSURANCE
• INTEGRATES WITH BI & CBI INSURANCE
• OPTIMIZES EXTRA EXPENSE INSURANCE
BUSINESS INTERRUPTION INSURANCE
• Business Interruption: insurance that provides protection for the loss of profits and continuing fixed expenses resulting from a break in commercial activities due to the occurrence of a peril
• Business Interruption Purpose: To protect the earnings of the insured and do what the insured would do for itself had no loss occurred.
• Business Interruption: “Net Profits Plus Continuing Expenses” or “Gross Earnings less non-continuing expenses”
Contingent Business Interruption Insurance
Supply Chain Protection
• Contingent Business Interruption (CBI) reimburses lost profits and extra expenses resulting from an interruption of business at the premises of a customer or supplier
• Usage:
  • When the insured depends on a single supplier or a few suppliers for materials.
  • When the insured depends on one or a few manufacturers or suppliers for most of its merchandise.
  • When the insured depends on one or a few recipient businesses to purchase the bulk of the insured’s products.
  • When the insured counts on a neighboring business to help attract customers, known as a leader property.
Extra expense
Extra Expense: Pays for the extra expense of maintaining operations after an accident to an insured item until normal operations can be restored.
• Pays for expenses over and above those that would have been incurred during normal operation of the business.
• Some of the covered extra expenses are: expenses incurred to avoid or minimize the suspension of operations, expense to repair or replace property, and expense paid for overtime work to speed up the restoration of the business.
Insurance Implications
Business Impact Analysis
Maps to Business Interruption and Contingent Business Interruption
Indemnity cover bought to compensate for the losses incurred due to interruption or stoppage of a key supplier's business.
Strategy Selection
Maps to Business Extra Expense and Extraordinary Expense
Policy that pays (up to a specified limit) expenses incurred in restoring a firm to its normal operations (after a disaster) but not covered under the ordinary business-interruption insurance policy.
Cyberinsurance
• Data Liability – Defense Damages for Data Breach
• Media Liability – Copyright & IP Defense Costs
• Regulatory Coverage – Civil Fines, Not Criminal - Limited
• Remediation Coverage – Notification, Credit Monitoring & Help Desks
• Information Asset Coverage – Restoration of Data and Systems
• Network Interruption Coverage – Denial of Service Attacks
• Extortion Coverage – Ransomware (CryptoLocker)
Thank You
Questions, Comments