Gartner Webinars - USVCC… · Risk Corporate Compliance/ Oversight Audit Mgmt. Records Mgmt....
Gartner Webinars
Gartner equips leaders like you with indispensable insights, advice, and tools to help you achieve your most pressing objectives
© 2020 Gartner, Inc. and/or its affiliates. All rights reserved.
RESTRICTED DISTRIBUTION
Roberta Witty, VP Analyst
David Gregory, Sr Director Analyst
Pandemic Preparedness Requires Strong Business Continuity Management
Gartner is a registered trademark of Gartner, Inc. and its affiliates.
Polling Question 1 of 3
How prepared is your organization for the evolving impact of coronavirus (COVID-19)?
A. Highly prepared
B. Somewhat prepared
C. Neither prepared nor unprepared
D. Relatively unprepared
E. Very unprepared
World Economic Forum: The Evolving Risks Landscape, 2009 to 2019
[Figure: two panels, "Top 5 Global Risks in Terms of Likelihood" and "Top 5 Global Risks in Terms of Impact", each ranking risks 1st to 5th for the years 2009 to 2019; risk categories: Economic, Environmental, Geopolitical, Societal, Technological]
A Resilient Organization
It operates at full speed in the face of adversity.
The cost of not being resilient can be severe and possibly fatal.
Therefore, resilience must be deliberately designed.
Organizational Resilience Discipline Inclusion Evolution
[Figure: disciplines grouped around Organizational Resilience]
• BCM (Crisis Management, Business Recovery, IT DRM)
• Information/Cybersecurity
• Third-Party Risk
• Corporate Compliance/Oversight
• Audit Mgmt.
• Records Mgmt.
• Quality Mgmt.
• Fraud Control
• Financial Control
• Enterprise Legal Mgmt.
• Environmental Mgmt.
• Health/Safety
• Facilities
• Physical Security
• Asset Mgmt.
• Human Resources
• Insurance
• IT Risk
• Privacy
Strategic Planning
No one is thinking strategically — yet
Business Continuity Management Defined
[Figure: the BCM Program]
• Information Technology and Data
• Equipment/Operational Technology
• External Stakeholders
• Customers
• Workforce
• Vital Records
• Suppliers/Partners
• Facilities
• Crisis/Emergency Management
• Business Continuity
• IT Disaster Recovery Management
• Third-Party Risk and Contingency Management
• Governance and Program Management
BCM Is an All-Enterprise Initiative
BCM Program Discipline | Best-Practice Direct Management Responsibility
Governance and Program Management (BCM program office) | Enterprise/operational risk management; BCM steering committee oversight
Crisis/Emergency Management | Senior management executives; BCM program office manager as facilitator
Business Recovery/Continuity | BCM program office in conjunction with the business units
IT Disaster Recovery/Service Continuity Management | CIO office
Third-Party Risk and Contingency Management | BCM program office in conjunction with procurement and the business units
Communicating the Value of Business Continuity Management
Reliability of Business Operations
Regulatory and Stakeholder Exposure
Expected Return
Risk Management
• Life/Safety
• Business process availability
• Third-party agreement fulfillment
• Brand recognition/enhancement
• Revenue/profitability
• Competitive differentiation
• Employer status
• Community confidence
• Future agility
• Client support
• Partner support
• Shareholder value
• Legal, contract and regulatory compliance
• Understanding of risk and recovery needs
• Appropriate risk mitigation
• Business interruption insurance
• Recovery plans
Almost 90% Have a BCM or IT DRM Program Office
2019 Security and Risk Management Survey
C00A. Does your organization have a Business Continuity Management (BCM) or IT Disaster Recovery Management program office?
Base: Business Continuity Management, n=316
Yes: 87%
No: 13%
2017: 86%
C00B. Which role does the Business Continuity Management (BCM) program office report to?
Base: Business Continuity Management, Excluding DK, n=275
Legal or Chief Counsel: 1%
Physical Security: 1%
Procurement or Supply Chain Director: 1%
CFO (Chief Financial Officer): 6%
Enterprise or Corporate risk management: 7%
CISO (Chief Information Security Officer) or equivalent: 11%
COO (Chief Operating Officer): 14%
Board of Directors, CEO (Chief Executive Officer), President: 24%
CIO (Chief Information Officer): 34%
2017 survey rank (out of 8): 3rd, 1st, 2nd, 6th, 5th, 4th
5th (out of 9)
3 in 4 Have Declared a Disaster, and 1 in 3 Had Significant Problems
C16. Which of the following best describes the outcome of your LAST declared disaster?
Base: Business Continuity Management, n=316
[Chart: percentage of respondents per response; values shown: 12%, 26%, 34%, 28%]
• We have never …
• Significant recovery problems were encountered with one or more mission-critical business processes
• All mission-critical business processes were recovered with minor problems
• All mission-critical business processes were recovered according to expected RTOs and RPOs
50% of Organizations Expect IT DR and BCM Program Staffing to Increase
Staff levels: 2019 to 2018 expected change
C14. How do you anticipate your organization's staff levels for each of the categories to change, if at all, in fiscal year 2019 compared to fiscal year 2018?
Base: Business Continuity Management, Excluding DK
Percentage of respondents
Category | Increase | Stay the same | Decrease
IT Disaster Recovery Business Unit / IT Staff (n = 310) | 50% | 45% | 5%
IT Disaster Recovery Program Office (n = 312) | 48% | 44% | 8%
Business Continuity Program Office (n = 315) | 50% | 46% | 4%
Business Continuity Business Unit Staff (n = 313) | 39% | 56% | 5%
50% of Organizations Expect that More than 7% of the IT budget is Allocated to IT Disaster Recovery in FY 2020
IT budget allocated to IT Disaster Recovery – FY 2019 and Estimated FY 2020
C12. Which of the following ranges most closely represents the percentage of your organization's IT budget that has been allocated to IT Disaster Recovery in fiscal year 2019 and what do you anticipate this to be in fiscal year 2020?
Base: Business Continuity Management, Excluding DK
Percentage of respondents
Share of IT budget | FY 2019 (n=308) | FY 2020 (n=307)
Less than 1% | 6% | 6%
1% to less than 3% | 22% | 16%
3% to less than 7% | 42% | 28%
7% to less than 10% | 22% | 29%
10% or more | 8% | 21%
BCM Governance and Program Management
People
Processes
Tools
BCM Decision Domains
• Policy & Leadership
• Program Management
• Architecture
• Budgets & Investments
• Risk Assessment & Business Impact Analysis
• Recovery Strategies & Solutions
• Third Party Contingency
• Activation & Execution
BCM Governance Framework: Sample
[Figure: sample governance hierarchy, split into Governance and Operational Teams]
Governance
• Enterprise Executive Committee
• BC/DRM Steering Committee: Risk Mgmt., Corp Comm., CIO, COO, HR, BU VP, CFO
• BCM Program Management Office: Business Continuity/Recovery, IT Disaster Recovery
Levels
• Strategic: Policy, Objectives, Directives
• Operational: Methodology, Tools
• Tactical: Plans, Procedures
Operational Teams
• Business Unit Leadership Teams: BU Leadership
• Support Leadership Teams: Human Resources, Facilities, Legal, Support Leadership
• IT Leadership Teams: Networking, Servers, Database, Data Center, Applications
IT DRM Program Governance Framework: Sample
• IT Disaster Recovery Governance: DR Policy, Scope & Objectives; DR Standards & Guidelines; DR Roles & Responsibilities; DR Program Mgmt.; Reports & Scorecards
• IT Disaster Recovery Management: DR Strategy(ies); DR Plan; DR Exercising; DR Test Results, Metrics; DR Training
• IT Disaster Recovery Technologies: Infrastructure Networks; Infrastructure Servers; Infrastructure Storage; Infrastructure Applications; Infrastructure Database
• IT Disaster Recovery Services: DR Subscription Services; Data Center Facilities Services; Cloud-Based Infrastructure; Work Area Recovery Services; Network Services
BCM Program Office Model: Sample
BCM Executive Steering Committee
BCM Program Office
#1 Policies/Standards/Procedures/Practices
#2 Program Management Reporting/Metrics
#3 Business Unit Advisory/Support
#4 Tools (could be part of #2)
#5 Exercising/Awareness/Education
Administration
Disaster Invocation and Management
IT DRM Program Office Model: Sample
• IT DRM Program Management
• Data Center/IT Services
• Application Support
• Exercises
• Administration
• Disaster Activation
• BCM Steering Committee
• IT DRM Steering Committee
• Business Unit Liaison
• Enterprise Architecture
• IT Infrastructure and Operations
• IT Application Development and Support
• Information Security
• Data/Storage
• Network Communications
• Standards
• Practices and Methodology
• Program Compliance
• Reporting
• Metrics
• BCM Program Management Office
• Training and Awareness
• IT DRM Program Office
BCM Line of Business Operating Model: Sample
• Enterprise BCM Manager
• BCM Program Office
• Regional BCM Coordinators
• Local BCM/IT DRM Coordinators
• Division #1 … Division n
• LOB #1, LOB #2 … LOB n
• Business Unit #1, Business Unit #2 … Business Unit n
• Administrative: HR, Legal, Travel, Physical Security, …
• Enterprise IT DRM Manager
• IT DRM Office: Network, Telephony, Platform, Application, Data, Information Security
Pandemic Preparedness Framework: Team
Executive Management Team
PPP Team (Crisis Management/BCM)
• Finance/Treasury
• Legal
• Facilities
• IT
• Third-Party Risk and Contingency Management
• Business Units
• EH&S
• Medical
• External Liaisons
• Asset Protections
• Physical Security
• Human Resources
• Sales
• Supply Chain
• Procurement
• Customer Relations
• Public Relations
• Regulatory
Note: Test combinations of leaders for effective crisis management and crisis communication skills
BCM Program Management Methodology
People
Processes
Tools
Professional Standards and Professional Practices
STANDARDS | PROF PRACTICES | IT DRM SPECIFIC
ISO/IEC 27031:2011
ISO 22301:2012
The BCM Program Planning Process
• BCM Governance
• Risk Assessment & Business Impact Analysis
• Risk Mitigation & Recovery Strategies
• Recovery Solutions & Plans
• Exercise Management/Training & Awareness
• Program Maintenance
Business Impact Analysis
People
Processes
Tools
Business Impact Analysis
• What is a BIA
– A process to prioritize business processes by assessing the quantitative (tangible) and qualitative (intangible) impact of an outage or disaster
– BIA data should be defined by the business unit(s) and not IT
• Objectives
– Identifies the cost of downtime (tangible/intangible)
– Prioritizes business functions into recovery tiers by criticality
– Identifies interdependencies
– Defines the downtime thresholds via a Recovery Time Objective (RTO)
– Defines how current the data needs to be via a Recovery Point Objective (RPO)
– RTOs/RPOs are used as metrics to design the supporting business and IT strategies
What the BIA Doesn’t Tell You
• Identifies recovery expectations from the business unit unrelated to current recovery capabilities.
• The BIA tells you what you need, not how to get there:
– Doesn't dictate a specific recovery approach, sourcing or overall strategy.
– Doesn't always define a comprehensive list of interdependencies (app-to-app, database, etc.).
Ensuring That Business Impacts Are Clearly Defined
Business Impact Categories: Sample
Financial Impact: Financial impacts relate to the loss of revenue, increased operating costs, remediation costs, fines/penalties, loss of productivity and loss of efficiency
Brand Impact: Brand or reputational impact relates to the potential negative effect to the company’s brand, shareholder value or loss of confidence from a key stakeholder group: customers, shareholders, partners, employees
Workforce Impact: Workforce impacts relate to the safety and satisfaction of employees and contractors in the work environment
Legal/Regulatory Impact: Legal, compliance and regulatory impacts relate to the organization’s ability to meet legal or contractual obligations, defend the company against internal/external litigation and to comply with regulatory requirements
Customer Experience Impact: Client experience relates to the impact of an outage on a customer, partner or end user; it is related to brand impact but typically has a more direct impact to the customer
Key BIA Questions
• What are the critical operational processes?
• What are their major exposures?
• What are your essential resources? (IT, Workforce, Partners, Third Parties, Equipment, Vital Records)
• What are the dependencies for business processes and applications?
• How soon must the business process be available, and what is the restart position?
• What are the impacts over time for an outage?
• What can you afford to have lost when the process is restored?
• What is the current state of operations recoverability? (Risk mitigation controls, key business processes, workflows, work area and supply chain)
• Do current plans support business objectives?
• In what order do processes, workflows, functions and business partner connections need to be operational for your business unit to recover in the most-effective way?
• What mitigation controls are currently in place? Do they reduce risk?
• What are the workarounds for this process?
BIA: Business Operations Resources & Dependencies
• Each point of failure or risk that could disrupt service delivery will be subject to a risk management action plan to either reduce the likelihood of the risk occurring or manage the impact of failure.
• Decisions and action plans around alternative workaround strategies would also be considered at this stage.
Understanding the BIA Process Outputs
Mutually agreed upon business function sequencing and prioritized recovery
Critical organizational objectives and performance levels that are required following a disruption
Operational and financial impact over time of a disruption to each business function
Internal and external business dependencies
Recovery requirements: Maximum allowable downtime (MAD), recovery time objectives and recovery point objectives
Operational resource requirements to recover from a disruption
Identifies business and IT process workarounds
BIA: Business Process Criticality Tiers
Tier | Class | RTO | RPO | Description | Business/IT Function
0 | Critical IT Infrastructure | 0-15 mins | 0 mins | Base infrastructure and common services to be restored prior to business functions. | Network, VPN servers, OS, software/DB DNS, Active Directory
1 | Mission-Critical/Platinum | <1 hour | 8 hours | Business functions with the greatest impact on the company's continued operations — requires immediate recovery. | Client-facing; revenue production
2 | Business-Critical/Gold | <24 hours | 24 hours | May not meet the criteria of mission-critical but will need to be brought up soon after. | Less-critical revenue-producing functions
3 | Important/Silver | 3-10 days | 1 week | Important business processes are those that will require recovery but only after mission-/business-critical. | Administrative functions
4 | Deferrable/Bronze | 10+ days | Last backup | Deferrable business processes not immediately required to support critical business processes. They may be functions that are needed in the long term but not in the first weeks of a disaster. | Budgeting, training/LMS, low-impact activities
Recovery Timeline
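The tier table, together with the BIA questions on dependencies, recovery order and current recoverability, worked as a check over a small BIA inventory. This is an added example, not Gartner material; the `Entry` structure, process names, all figures and the handling of RTOs between 24 hours and 3 days are assumptions.

```python
import heapq
from dataclasses import dataclass, field
from graphlib import TopologicalSorter

# Upper RTO bound per tier in whole minutes, from the tier table
# (0-15 mins, <1 hour, <24 hours, up to 10 days, then 10+ days).
# Assumption: RTOs between 24 hours and 3 days, which the table leaves
# unassigned, are treated as tier 3.
TIER_RTO_MAX_MIN = [(0, 15), (1, 59), (2, 24 * 60 - 1), (3, 10 * 24 * 60)]


@dataclass
class Entry:
    """One row of a BIA inventory (hypothetical structure)."""
    name: str
    rto_min: int          # RTO the business unit requires
    rpo_min: int          # RPO the business unit requires
    capable_rto_min: int  # RTO the current recovery solution achieves
    capable_rpo_min: int  # RPO the current data protection achieves
    depends_on: list = field(default_factory=list)


def tier_for_rto(rto_min):
    """Map a business-declared RTO in minutes to a recovery tier 0-4."""
    for tier, limit in TIER_RTO_MAX_MIN:
        if rto_min <= limit:
            return tier
    return 4  # 10+ days: deferrable


def capability_gaps(entries):
    """Entries whose current capability misses the BIA requirement."""
    gaps = []
    for e in entries:
        if e.capable_rto_min > e.rto_min:
            gaps.append((e.name, "RTO"))
        if e.capable_rpo_min > e.rpo_min:
            gaps.append((e.name, "RPO"))
    return gaps


def dependency_inversions(entries):
    """Dependencies whose own RTO is longer than the dependent's RTO."""
    by_name = {e.name: e for e in entries}
    return [(e.name, dep) for e in entries for dep in e.depends_on
            if by_name[dep].rto_min > e.rto_min]


def recovery_order(entries):
    """Restore dependencies first; among ready items, lowest tier first."""
    by_name = {e.name: e for e in entries}
    sorter = TopologicalSorter({e.name: e.depends_on for e in entries})
    sorter.prepare()  # raises graphlib.CycleError on circular dependencies
    ready, order = [], []
    while sorter.is_active():
        for name in sorter.get_ready():
            heapq.heappush(ready, (tier_for_rto(by_name[name].rto_min), name))
        _, name = heapq.heappop(ready)
        order.append(name)
        sorter.done(name)
    return order


H, D = 60, 24 * 60  # minutes per hour / per day

# Constructed sample inventory; every value is illustrative.
SAMPLE = [
    Entry("active-directory", 15, 0, 15, 0),
    Entry("network-vpn", 15, 0, 10, 0),
    Entry("customer-db", 12 * H, 4 * H, 12 * H, 24 * H, ["network-vpn"]),
    Entry("order-entry", 45, 8 * H, 4 * H, 1 * H,
          ["active-directory", "network-vpn", "customer-db"]),
    Entry("payroll", 5 * D, 7 * D, 2 * D, 1 * D, ["active-directory"]),
    Entry("training-lms", 20 * D, 7 * D, 20 * D, 7 * D, ["active-directory"]),
]

if __name__ == "__main__":
    for e in SAMPLE:
        print(f"tier {tier_for_rto(e.rto_min)}  {e.name}")
    print("capability gaps:", capability_gaps(SAMPLE))
    print("dependency inversions:", dependency_inversions(SAMPLE))
    print("recovery order:", recovery_order(SAMPLE))
```

The inversion it reports (a tier 1 process depending on a tier 2 database) is the kind of interdependency the BIA slide notes is not always captured.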
Recovery Strategies
People
Processes
Tools
Continuity Strategy Categories
• Workforce
• Facilities
• Business process transfers
• IT DR sourcing
• Data protection mechanisms
• BCM program management automation
Workforce Continuity Strategies
• Personal Preparedness
• Workforce on Retainer
• Cross-Training
Facilities Recovery Strategies
• Workarea/workspace recovery
• Work-at-Home
• Hotels
• DR service providers
• Sharing facilities
• Mutual aid
• Mobile unit recovery
Business Process Recovery Strategies
Move work to other facilities
“Follow the sun” concept
Workaround procedures
Backlog recovery procedures
IT DR Sourcing & Data Protection Mechanisms
Recovery needs: Fast/Immediate (top of each list) to Longer (bottom of each list)
IT DR Sourcing
• Hot Standby Active Processing of Data
• Hot Standby with Automated Failover
• In-House or Colo-Based Warm Site
• Cloud-Based Recovery/DRaaS
• In-House or Colo-Based Cold Site
• DR Provider Cold Site
Data Protection Mechanisms
• Middleware-Based Transaction Replication
• Database Replication
• Virtual Machine Replication
• Storage-Based Replication
• Backup to Disk
• Backup to Tape
BCM Program Software Automation
Preparedness Education and Training (Planning)
Not Covered by Gartner
Crisis/Emergency Management (Activation)
BCM Program (Planning and Activation)
BCM Software Suites
Emergency/Mass Notification Services (Activation)
The BCM Software Ecosystem: Sample Vendor Mapping
X = Vendor has market functionality
G = Good enough market functionality
P = Vendor partners with market vendors
Vendor | BCMP | EMNS | C/EMP
Everbridge | P | X | X
OnSolve | P | X | P
xMatters | P | X | —
4C Strategies | P | P | X
Grey Wall Software | G | X/P | X
Juvare | — | P | X
Fusion Risk Management | X | P | G
SAI Global | X | P | G
Assurance | X | X | G
Recovery Plan Management
People
Processes
Tools
Dilemma: BCM Plan Development
• Having current and complete information during a crisis is vital for quick and effective response and recovery.
• Many organizations know that their BCM plans are outdated and are concerned that they won't be able to recover from a disaster if these plans are used.
• Having an enterprisewide BCM plan management strategy can ensure that BCM plans are current, viable and available during a crisis.
• BCMP automation can assist in developing, maintaining and exercising BCM plans according to business needs.
Recovery Plan Structure
Plan Type
• Crisis Management
• Damage Assessment
• Emergency Response
• Emergency Notification
• External Communications
• Insurance Support
• Travel Support
• Procurement/Vendor Management
• Customer/Partner Support
• Shelter-in-Place
• IT Disaster Recovery
• Business Recovery
• Business Resumption
• Restoration
• Stand-Down
Plan View
• Enterprise
• Division
• Location
• Country
• Region
• Business Unit
• Department
• Product/Service
• Customer
• Network
• Telephony
• Platform
• Application
• Data
• Information Security
One-to-Many
Sample Recovery Plan Table of Contents
• Introduction
A. Purpose/Objective of the Plan
B. Disaster Definition
C. Recovery Strategy Overview
D. Plan Exercise, Review and Update Overview
• Plan Scope
• Required Availability Capabilities
• Current Recovery Capabilities
• Recovery Dependencies
• Recovery Locations/Facilities
• Disaster Declaration Levels
• Roles and Responsibilities
• Response/Recovery/Restoration Procedures
• Stand-Down Procedures
• Post-Mortem Procedures
Comments/Notes
Abbreviations and Glossary of Terms
Appendices
• IT Disaster Recovery Team
• Recovery Resources
• Map(s) to Recovery Site(s)
• BCM Office Organization Chart
• Crisis Management Organization Chart
• Contact/Call Lists
• Building Floor Plans/Site Maps
• IT Resources: Inventory and Configuration
• Special Equipment Inventory
• Recovery Specific Forms and Checklists
BCM Plan Development Recommendations
• Develop a distributed, collaborative BCM organizational model.
• Develop a structured framework of plans.
• Keep plans relevant to the purpose.
• Build simple but detailed plans for use by second- and third-tier workforce.
• Establish a central repository and plan an administration process.
• Implement BCM planning (BCMP) and crisis/emergency management tools.
• Build BCM plan management into the business/project life cycle.
• Exercise BCM plans once a year at minimum.
Failing to document plans appropriately and at the appropriate level of detail may lead to a delayed or incomplete recovery and implemented recovery solutions.
Exercise Management
People
Processes
Tools
Do You Know How Good Your Recovery Plan Is?
The objective of BCM programs is to ensure that business processes can continue in a crisis
Recovery plans exist for many areas
Insufficient exercising exposes the organization to larger consequences from disruption, including greater negative impacts on reputation, loss of customer confidence and higher financial costs.
BCM and IT Leaders Often Fail to Conduct Comprehensive Recovery Plan Exercising
Goals of Recovery Plan Exercising
Validate, Identify, Assess, Promote, Feedback
• Business and IT recovery roles and responsibilities
• Recovery requirements
• Recovery procedures
• Capabilities of team members
• Gaps in recovery capabilities, e.g., RTO/RPO
• Resource needs
• Improvement opportunities
• Team building and collaboration
• To the BCM program office
The Exercise Management Life Cycle
• Create an annual exercise schedule
• Determine exercise methods and types*
• Plan the exercise
• Execute the exercise
• Update recovery plans for gaps found
Exercise Methods: "How" to Perform an Exercise
Method | Resources | Commitment | Location | Plan Examples
Plan Walk-through (C) | Internal | Low | Conference Room | Any (one) plan type
Tabletop (Structured Walk-Through) (C) | Internal | Low | Conference Room | Crisis Mgmt., multiple plans (e.g., BCPs)
Component (A or C) | Internal and External | Medium | Alternative Site (Work Area or DR Site), Desk | Alternative site test, notification system, data center system(s)
Functional Rehearsal (A) (Simulation) | Internal and External | High | Alternative Site (Work Area and DR), Third Parties Involved | Multiple plans and plan types, all parts
Cutover (A) (Production to Recovery) | Internal and External | High | Alternative Site (Work Area or DR Site) | All as appropriate
(C) = compressed time
(A) = actual time
Certain methods require more resources or funding while others require a lower level of commitment.
Pandemic Preparedness
People
Processes
Tools
Polling Question 2 of 3
How will coronavirus (COVID-19) impact standard business operations?
A. Business operations cannot continue
B. Business operations will be severely restricted
C. Business operations will continue at a reduced level
D. There will be little disruption to business operations
E. Business operations will continue as normal
Polling Question 3 of 3
What area of your business is most exposed?
A. Supply chain / 3rd Party
B. Sales
C. Customer Service & Support
D. Operations & Logistics
E. Other
Pandemic Preparedness: A CEO Imperative
Pandemics aren’t your usual business disruption. Unfolding over months, these events require an extra set of activities that include consultations with epidemiologists, critical role identification and third-party evaluations.
The Pillars of Pandemic Planning, G00719682
Organizational Resilience Risks: A Pandemic Is an Operational Risk
Risk categories: Reputation Risk, Strategic Risk, Operational, Credit, Market
• Customers
• Suppliers
• Compliance
• Materials/Supplies
• Interest Rates
• Competition
• Economy
• Currency
• Liquidity
• Environmental
• Natural Disasters
• Facility
• Country
• Biohazard
• Biological Disease/Pandemic
• Geopolitical
• Social Unrest/Networking
• Information Technology
• Cybersecurity
• Legal and Regulatory
• Third Party
• Business Process
• Separation of Duties
• Workforce
• Corporate Culture
Benefits of Pandemic Preparedness Planning
• Minimize the impact upon staff.
• Minimize the impact on the organizational supply chain.
• Minimize the impact upon service delivery.
• Minimize the impact upon the IT infrastructure.
• Protect corporate reputation.
• Reduce financial impact.
• Return to new normality sooner.
Plan now: Resources won’t be available if a pandemic strikes
Conditions for Pandemic Preparedness
External Conditions
• Government essential services will be seriously disrupted during a large-scale pandemic; there will be delays in responding to all types of events, e.g., civil unrest, disasters
• Power outages due to utility workforce reduction may be more frequent
• Residential internet supply won’t meet demand in a large-scale pandemic
• Food rationing may occur
• Hospitals may be overwhelmed
• Fuel may be in short supply
Business Conditions
• Multi-location enterprises will likely be more affected than those with a single location
• The key business impact trigger will be a result of the quarantines, travel restrictions, school closures and sick family members
• Supply chain and third-party pandemic preparedness is critical
• Consider cultural and religious differences in preparedness plans
• Technology can help organizations better adapt to the changing situation
Key condition: Staff absenteeism exceeding 40% for extended and sequential periods
Overall Conditions
• A pandemic is worldwide in scope and of indefinite duration
• A pandemic can be a moving target – you need to adjust your expectations and preparations as things change
• Quarantines and travel restrictions may be in place
• Economic conditions become distorted during a pandemic dislocation
Pandemic Preparedness Program Process
Crisis management is essential
1. Establish a pandemic preparedness framework
2. Monitor the situation to determine a change in severity
3. Review finance and treasury implications
4. Extend your clean workplace/personal hygiene protocols
5. Review HR policies and practices
6. Establish a pandemic communications program
7. Review impact on business operations
8. Review IT actions and considerations
9. Review pandemic plan to identify and remediate problem areas
10. After-action review
The end result?
A pandemic plan