Implementing a Successful Business Continuity ProgramJamie Sanderson-Reid, CPP, CISSP, MBCI, CCSP

Malcolm B. Reid, CPP, FBCI, CBCP, CFE

Today’s agenda

• Introduction

• Situation

• Challenge

• Solution

• Outcomes

• Discussion

ABOUT YOUR SPEAKER

ABOUT YOUR SPEAKER, CONT’D

ABOUT YOUR CO-SPEAKER

ABOUT YOUR CO-SPEAKER, CONT’D

Situation

• Global financial services organization

• Operations in AMERS, APAC,EMEA

• BC policy out of date and not clear on requirements

• Existing plans out of date and built around a tool which is now obsolete

• Audit requirements to have BC Program and Plans approved and validated

Challenge

• Multiple time zones and different cultures and priority for each business unit.

• “Fear” of transparency/sharing information openly across organization.

• Lack of understanding of relationship between crisis management, business continuity, and disaster recovery.

• Lack of accountability for updating business continuity documentation.

• Tool selection and cloud requirements for SaaS providers

Solution

• 7 Steps to BC Program

• PDCA Approach

• Project Management Techniques

• New Tool to manage all CM, BC, and DR plans and procedures

PDCA Cycle

Plan

Do

Check

Act

7 STEPS TO A WORLD-CLASS BUSINESS CONTINUITY PROGRAM

Initiation

Top Management Support

Business Driven Requirements in Policy

Awareness Value Add to Organization

Current Trends

Horizon Scanning

Competency TrainingPolicy Requirements

How to Use Tools

Relationship BuildingSeek Feedback

Understanding Group Needs

Simplify/Improve Processes

Injection

Assessment

Options to achieve RTO

Feasibility

Cost/Benefit

Strategy

Planning

ACTIONABLE PROCEDURES TAGGED TO NAMED TEAMS AND INDIVIDUALS

UNDERSTOOD THRESHOLDS FOR ACTIVATION &

ESCALATION

APPROPRIATE TOOLS

Testing

Key Threats/Hazards & Areas for

Improvement

Exercise Program Priorities

Exercise Objectives Core Capabilities

Auditing

Align with ISO22301 & Best Practices

Crosswalk/Gap Analysis against ISO22301

Policy Requirements Evidence

Outcome

• Program in place with path for maturity.

• Greater awareness of resilience requirements including alignment between crisis management, business continuity and disaster recovery.

• Actionable plans and procedures for recovery.

• Greater confidence in ability of the org to respond to any disruption.

• Completed all audit requirements.

Discussions & Questions

• Email: consulting@brisonltd.com

• Linkedin: