International Business Continuity Program Management ... Management... · WorldAPP Key Survey, ......
-
Upload
trinhtuong -
Category
Documents
-
view
216 -
download
0
Transcript of International Business Continuity Program Management ... Management... · WorldAPP Key Survey, ......
Prepared by BC Management
& BC Management’s
International Benchmarking
Advisory Board
July XX, 2009
Prepared by BC Management, Inc.
- January 2012
Business Continuity Program Management Benchmarking Report
- USA Focused
Benchmarking. Plan Ahead. Be Ahead.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 2
Table of Contents
Introduction 4 Reporting History 4 Study Methodology 4 Assessment of Data & Reporting 5 Participant Data & Respondent Characteristics ~ An overview of respondent characteristics. 5-10
Business Continuity Program Management Awareness Study Topics 11-55
Program Maturity
Program maturity ratings 11
IT/ Disaster Recovery & Business Continuity strategies adequately supporting organizations 11-12
Maintain and foster relationships with other external organizations 13
Integration of program with other organizational disciplines 13-15
Status of current program 16-17
Assessment of program expenses, average full-time and part-time employees, average number of disciplines managed in program and average maturity rating by country
17
Budgeting
Budgeting of expenses within organization 17-18
Items included in the budget, percent of total budget and monetary budget amount per item 18
Budget revisions 19
Anticipated increase/ decrease by individual budget line item 19
Personnel
Current dedicated personnel 20
Hiring initiatives for the next year 21
Reduction of full-time, permanently employed personnel in the next year 22
Primary reason behind a reduction in force in the next year 22
Organizational Reporting Structure
Positioning of program for maximum visibility within organization 23
Change to department owner being considered 23
Department owner by program maturity 24
Department owner being considered for a change or department owner preferred 24-25
Program Sponsorship
Assessment by job title on who is totally engaged and sponsoring the program 25
Sponsor of program by program maturity 26
Sponsor’s level of engagement if a chief officer level or above 27
Sponsor’s level of separation from the executive committee 27
Change to level of sponsorship being considered 27
Level of sponsorship being considered for a change or level of sponsorship preferred 28
Program Assessment and Exercising Plans
Reviewing and updating the business impact assessment (BIA) 29
BIA by program maturity 29-30
Leverage the outcome of the BIA and/ or risk assessments to elevate the program 30
Exercising the plans 31
Exercise the plans for mission critical IT assets, mission critical business functions, less critical IT assets, and less critical business functions
31
Exercising the plans by program maturity 32-33
Scenarios implemented to exercise the plans 34
Auditing the program 34
Auditing the program by program maturity 35
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 3
Table of Contents Continued Recovery Time
Contingency program’s point of failure to a point of availability/ up time for the service 36
Estimated financial loss per hour by downtime 36
Technology Recovery Solutions – Internal or External
Utilization of third-party hot site/ alternate site technology providers 37-38
Considering an internal recovery capability 38
Change to the technology recovery solution in the previous two years 38-39
Change to the technology recovery solution in the next year – technology recovery solutions being considered and estimated budget
39
Cloud Computing
Consideration of cloud computing in the next year 40
If yes, rate the factors in your decision making process 40
Consulting Initiatives
Utilization of contractors 41
Longest engagement time for a contractor 41
Consulting work anticipated in the next year 42-43
Vendor Utilization
Utilization of software planning tools 44-45
Consideration software tools in the next year and estimated budget 45-46
Utilization of automated notification tools 46-47
Consideration automated notification tools in the next year and estimated budget 48
Utilization of mobile recovery solutions 49
Consideration mobile recovery solutions in the next year and estimated budget 50 Managing Dispersed Offices
Accountability of offices/ facilities outside current location under existing program 50
Assessment of managing the business continuity program for dispersed offices/ facilities 51
Reasons for Planning, Regulatory Requirements & Organizational Certification
Primary reasons for developing and maintaining a program 52
Regulatory requirements and/or standards to model program after 52-53
Obtaining an organizational certification in a standard 54
Consideration of becoming certified in an organizational standard 54-55
Thank you to BC Management’s International Benchmarking Advisory Board 55 Thank you to our Sponsors and those Organizations who Distributed the Study and/or Report 55 About BC Management, Inc. & Where to Download Complimentary Reports 56 Customize a Report Exclusively for your Organization 56-57
Confidential Report
This is a confidential report. As such, the information within this report should not be shared outside the
organization that requested and purchased the research data. This report is not being distributed as a
complimentary report among the profession. Please contact BC Management if you would like to share or site any
of the information included within the report.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 4
Since 2001 BC Management, Inc. has been gathering data on business continuity management programs and compensations to provide
professionals with the information they need to elevate their programs. Each year our organization strives to improve upon the study
questions, distribution of the study and the reporting of the data collected. Below is a timeline detailing BC Management’s eight years of
business continuity reporting expertise.
* The advisory board is composed of 20 international thought leaders coming from the United States of America, Canada, Latin America, the United Kingdom, Singapore, Australia, China, Japan, and India. Our board encompasses not only business continuity, but also risk management, emergency management, high availability and environmental health and safety.
The on-line study was developed by the BC Management team in conjunction with the BC Management International Benchmarking
Advisory Board. WorldAPP Key Survey, an independent company from BC Management, maintains the study and assesses the data
collected. The study was launched in May 2011 and the study remained open through December 2011. Participants were notified of the
study primarily through e-newsletters and notifications from BC Management and from many other industry organizations. A full list of
participating organizations is included within this report. The study has been translated in 5 languages and it accommodates professionals
who are permanently employed on a full-time or part-time basis, self-employed as an independent contractor or unemployed.
Respondents receive a unique path of branching questions, which is dependent upon their experience and employment status. The
advanced study is coded with extensive JAVA script to ensure a correct question branching path and to eliminate unintelligible data. The
comprehensive study is comprised of two sections spanning over 100 questions. The first section focuses on the factors that impact
compensations within the business continuity and related professions. The second section focuses on the business continuity program
management initiatives, which includes budgets, dedicated personnel, organizational reporting structure, maturity of the program,
exercises, auditing, vendor utilization, program activation during an event and much more. Respondents to the study have the option to
complete one or both sections. Only those respondents who manage a program within business continuity or a related discipline qualify to
complete the program management portion of the study. All participants are given the option of keeping their identity confidential.
Reporting History
Study Methodology
Thank you for purchasing BC Management’s Business Continuity Program Management Benchmarking Report. This report
is designed to give your organization a picture of how other organizations are approaching their business continuity
planning initiatives without any customization relating to your specific organization. The data within this report will be
instrumental in assessing/elevating your business continuity management program.
This report is meant only for the individual who purchased the report. Do not distribute outside of your organization.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 5
BC Management is continuously reviewing and verifying the data points received in the study. Data points in question are confirmed by
contacting the respondent that completed that study. If the respondent did not include their contact information, than their response to
the study may be removed. With our eight years of expertise in collecting and assessing such data points, BC Management has an
exceptional understanding of what is considered questionable or unintelligible data.
WorldAPP Key Survey built a customized reporting tool for BC Management, which enables us to prepare customized benchmarking reports
based on a client’s request. The result is a report that provides a unique understanding on how your program compares to competitors or
other similar organizations. Before creating the customized report, we verify the filters selected by the client and confirm the number of
respondents that will be included in their customized report. The charts and tables are instantaneously created once the client agrees to
the framework of the report. The client receives a PDF document as well as a business intelligence dashboard for further assessment. The
business intelligence dashboard allows the client to further assess the data points within their customized report in a dynamic, user friendly
interface. Study respondent contact information remains confidential and is never revealed. The charts and graphs will reflect what
respondents answered in the study. If a selection within a question is not selected it will NOT be included in the results.
3,152 study participants from over 50 countries as of December 15, 2011. Incomplete/ partial study responses were included as
appropriate within the report. Study was divided into 2 sections.
Business Continuity Compensation – 1,783 professionals participated in the compensation section from 59 countries. Incomplete study responses were included within this report along with the completed responses.
Business Continuity Program Management – 904 professionals participated in the program management section from 37 countries. Incomplete study responses were included within this report along with the completed responses.
Complete responses were received from the following countries: Australia, Belgium, Brazil, Canada, Cayman Islands, China, Colombia,
Denmark, Egypt, France, Germany, Honduras, India, Ireland, Italy, Japan, Kuwait, Malaysia, Malta, Mexico, Netherlands, New Zealand,
Norway, Pakistan, Philippines, Portugal, Qatar, Saudi Arabia, Singapore, South Africa, Sweden, Switzerland, United Arab Emirates, United
Kingdom, United States of America and Venezuela.
USA Respondent Characteristics = 1,364 Study Respondents
Company revenues span from non-profit/ government to over $400 Billion USD.
Study respondents span over 45 industries.
Company corporate locations span from 0-5 Locations to more than 10,000.
Company retail locations span from 0-5 Locations to more than 10,000.
Majority of respondents (38%) are globally distributed organizations.
Company employees span from 0-5 to more than 400,000.
Majority of respondents (63%) managed 5+ disciplines within their program.
Majority of respondents manage multiple disciplines within one program, including Business Continuity Process (Business Focus), Crisis Management, Emergency Management, Pandemic Planning and Disaster Recovery Process (IT Focus) to be the most popular of those disciplines.
Majority of respondents indicated a program existing within their organization for 4-8 years (30%).
Majority of respondents indicated that the program has been thoroughly updated in the last 6 months (35%).
Assessment of Data & Reporting
USA Participant Data & Respondent Characteristics
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 6
Less than $10M, 17%
$10 - $50M, 7%
$50 - $100M, 3%
$100 - $500M, 10%
$500M - $1B, 8%$1 - $10B, 26%
$10 - $20B, 6%
$20 - $50B, 4%
Over $50B, 18%
Revenue in USD
USA Participant Data & Respondent Characteristics Continued
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 7
USA Participant Data & Respondent Characteristics Continued
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 8
USA Participant Data & Respondent Characteristics Continued
Those respondents who noted “Do not
manage a program” were exited from
study.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 9
USA Participant Data & Respondent Characteristics Continued
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 10
USA Participant Data & Respondent Characteristics Continued
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 11
6.34%
15.30%
38.43%
28.36%
11.57%
Program Maturity - Self Rating
Very Immature
Immature
Average
Mature
Very Mature
Program Maturity
To your knowledge, do you feel your current IT/Disaster Recovery and Business Continuit y
strategies adequately support the needs of your organization? If no, please select which best
describes future action for improvement. (An assessment of USA respondents.)
In your opinion, how would you rate the maturity of your program? Please rate on a scale of 1
to 5 with 1 meaning “Very Immature” and 5 meaning “Very Mature”. (An assessment of USA
respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 12
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 13
Discipline Integration by Program Maturity Rating
Disciplines Maturity Rating 1-No
Integration 2 3 4
5-Completely Integrated
Audit
All Respondents 23.53% 17.65% 17.65% 23.53% 17.65%
Very Immature 23.53% 17.65% 17.65% 23.53% 17.65%
Immature 22.45% 22.45% 22.45% 18.37% 14.29%
Average 11.50% 20.35% 35.40% 25.66% 7.08%
Mature 6.82% 13.64% 25.00% 38.64% 15.91%
Very Mature 0.00% 13.64% 18.18% 36.36% 31.82%
Business Unit Participation
All Respondents 2.75% 12.37% 29.55% 32.99% 22.34%
Very Immature 17.65% 29.41% 29.41% 11.76% 11.76%
Immature 4.00% 24.00% 36.00% 22.00% 14.00%
Average 1.75% 9.65% 35.96% 32.46% 20.18%
Mature 1.14% 9.09% 21.59% 44.32% 23.86%
Very Mature 0.00% 0.00% 13.64% 31.82% 54.55%
Change Management
All Respondents 14.19% 26.64% 32.18% 19.72% 7.27%
Very Immature 23.53% 29.41% 11.76% 23.53% 11.76%
Immature 18.00% 38.00% 32.00% 8.00% 4.00%
Average 14.91% 27.19% 33.33% 19.30% 5.26%
Mature 10.34% 21.84% 37.93% 24.14% 5.75%
Very Mature 9.52% 14.29% 19.05% 28.57% 28.57%
Compliance All Respondents 6.90% 16.90% 34.48% 26.55% 15.17%
Very Immature 11.76% 29.41% 17.65% 29.41% 11.76%
Immature 16.00% 18.00% 40.00% 16.00% 10.00%
Average 5.31% 20.35% 36.28% 27.43% 10.62%
Mature 2.27% 11.36% 37.50% 30.68% 18.18%
Very Mature 9.09% 9.09% 13.64% 27.27% 40.91%
Crisis Management
All Respondents 5.15% 6.53% 15.81% 33.33% 39.18%
Very Immature 35.29% 11.76% 11.76% 17.65% 23.53%
Immature 10.00% 10.00% 22.00% 26.00% 32.00%
Average 2.63% 8.77% 19.30% 39.47% 29.82%
Mature 1.14% 2.27% 12.50% 37.50% 46.59%
Very Mature 0.00% 0.00% 0.00% 13.64% 86.36%
In your opinion, does your organization strive to maintain and foster relations hips with external
agencies to ensure the recovery of your organization during a disaster? If your organization is
an external agency, do you strive to maintain and foster relationships with other external
agencies and outside organizations? Please rate on a scale of 1 to 5 with 1 meaning strong
disagree and 5 meaning strongly agree. (An assessment of USA respondents.)
How well integrated are the following within your organizational program? Please rate on a
scale of 1 to 5 with 1 meaning NO INTEGRATION and 5 meaning COMPLETELY INTEGRATED. (An
assessment of USA respondents.) *All related enterprise discipl ines are l isted within the study to accommodate a variety of discipline expertise .
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 14
Discipline Integration by Program Maturity Rating
Disciplines Maturity Rating 1-No
Integration 2 3 4
5-Completely Integrated
Disaster Recovery Focus) Process (IT
All Respondents 2.41% 4.81% 17.18% 37.80% 37.80%
Very Immature 17.65% 11.76% 23.53% 35.29% 11.76%
Immature 4.00% 8.00% 30.00% 40.00% 18.00%
Average 1.75% 3.51% 20.18% 41.23% 33.33%
Mature 0.00% 3.41% 9.09% 37.50% 50.00%
Very Mature 0.00% 4.55% 0.00% 18.18% 77.27%
Emergency Management
All Respondents 3.78% 9.62% 16.84% 35.74% 34.02%
Very Immature 23.53% 11.76% 23.53% 23.53% 17.65%
Immature 6.00% 18.00% 26.00% 28.00% 22.00%
Average 3.51% 12.28% 17.54% 35.96% 30.70%
Mature 0.00% 1.14% 12.50% 44.32% 42.05%
Very Mature 0.00% 9.09% 4.55% 27.27% 59.09%
Executive Protection
All Respondents 21.25% 23.69% 26.13% 19.16% 9.76%
Very Immature 41.18% 17.65% 17.65% 11.76% 11.76%
Immature 32.00% 30.00% 24.00% 10.00% 4.00%
Average 19.47% 29.20% 26.55% 17.70% 7.08%
Mature 15.29% 14.12% 30.59% 29.41% 10.59%
Very Mature 13.64% 22.73% 18.18% 13.64% 31.82%
Facilities Management
All Respondents 5.86% 16.55% 31.03% 32.76% 13.79%
Very Immature 29.41% 5.88% 47.06% 11.76% 5.88%
Immature 6.12% 20.41% 34.69% 30.61% 8.16%
Average 5.26% 22.81% 34.21% 30.70% 7.02%
Mature 3.41% 12.50% 26.14% 38.64% 19.32%
Very Mature 0.00% 0.00% 13.64% 40.91% 45.45%
Health & Safety - Environmental
All Respondents 13.24% 21.60% 25.78% 29.62% 9.76%
Very Immature 41.18% 11.76% 23.53% 11.76% 11.76%
Immature 14.29% 20.41% 38.78% 18.37% 8.16%
Average 11.61% 28.57% 25.89% 29.46% 4.46%
Mature 5.75% 20.69% 22.99% 37.93% 12.64%
Very Mature 27.27% 0.00% 9.09% 36.36% 27.27%
Health & Safety - Occupational
All Respondents 13.33% 21.40% 26.67% 26.32% 12.28%
Very Immature 29.41% 17.65% 29.41% 11.76% 11.76%
Immature 12.77% 25.53% 36.17% 17.02% 8.51%
Average 12.50% 25.00% 26.79% 29.46% 6.25%
Mature 8.05% 20.69% 24.14% 28.74% 18.39%
Very Mature 27.27% 0.00% 13.64% 31.82% 27.27%
Information Technology
All Respondents 2.43% 7.64% 18.06% 40.28% 31.60%
Very Immature 12.50% 18.75% 12.50% 37.50% 18.75%
Immature 4.08% 16.33% 18.37% 44.90% 16.33%
Average 1.77% 7.96% 25.66% 44.25% 20.35%
Mature 1.14% 1.14% 13.64% 37.50% 46.59%
Very Mature 0.00% 4.55% 0.00% 22.73% 72.73%
Media Crisis Management
All Respondents 9.00% 13.49% 25.95% 31.83% 19.72%
Very Immature 35.29% 17.65% 17.65% 17.65% 11.76%
Immature 14.29% 20.41% 32.65% 26.53% 6.12%
Average 9.65% 16.67% 25.44% 31.58% 16.67%
Mature 2.30% 8.05% 27.59% 39.08% 22.99%
Very Mature 0.00% 0.00% 13.64% 27.27% 59.09%
Pandemic Planning
All Respondents 7.56% 11.00% 19.24% 31.62% 30.58%
Very Immature 35.29% 17.65% 11.76% 23.53% 11.76%
Immature 12.00% 16.00% 20.00% 32.00% 20.00%
Average 7.89% 10.53% 20.18% 34.21% 27.19%
Mature 1.14% 7.95% 22.73% 29.55% 38.64%
Very Mature 0.00% 9.09% 4.55% 31.82% 54.55%
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 15
Highlighted figures indicate the highest figures in each row by program maturity.
Discipline Integration by Program Maturity Rating
Disciplines Maturity Rating 1-No
Integration 2 3 4
5-Completely Integrated
Privacy
All Respondents 15.86% 20.00% 28.62% 21.72% 13.79%
Very Immature 29.41% 23.53% 17.65% 17.65% 11.76%
Immature 26.00% 24.00% 28.00% 18.00% 4.00%
Average 15.93% 22.12% 28.32% 23.01% 10.62%
Mature 7.95% 15.91% 34.09% 22.73% 19.32%
Very Mature 13.64% 13.64% 18.18% 22.73% 31.82%
Records Management
All Respondents 15.33% 22.30% 29.97% 20.91% 11.50%
Very Immature 35.29% 11.76% 17.65% 17.65% 17.65%
Immature 22.45% 22.45% 32.65% 14.29% 8.16%
Average 15.04% 26.55% 30.97% 19.47% 7.96%
Mature 8.14% 18.60% 33.72% 27.91% 11.63%
Very Mature 13.64% 22.73% 13.64% 18.18% 31.82%
Risk Management - Enterprise
All Respondents 8.71% 15.33% 28.57% 31.01% 16.38%
Very Immature 40.00% 13.33% 13.33% 13.33% 20.00%
Immature 10.00% 22.00% 38.00% 24.00% 6.00%
Average 8.77% 19.30% 32.46% 27.19% 12.28%
Mature 3.45% 9.20% 27.59% 43.68% 16.09%
Very Mature 4.76% 4.76% 0.00% 28.57% 61.90%
Risk Management - Insurance
All Respondents 16.78% 16.08% 32.52% 22.73% 11.89%
Very Immature 43.75% 6.25% 25.00% 6.25% 18.75%
Immature 18.75% 25.00% 31.25% 18.75% 6.25%
Average 20.54% 17.86% 34.82% 20.54% 6.25%
Mature 6.82% 13.64% 35.23% 31.82% 12.50%
Very Mature 13.64% 4.55% 18.18% 18.18% 45.45%
Risk Management - Operational
All Respondents 10.84% 15.73% 25.52% 30.07% 17.83%
Very Immature 43.75% 12.50% 12.50% 6.25% 25.00%
Immature 10.20% 26.53% 30.61% 24.49% 8.16%
Average 9.91% 18.02% 31.53% 27.03% 13.51%
Mature 5.68% 10.23% 23.86% 44.32% 15.91%
Very Mature 13.64% 4.55% 0.00% 18.18% 63.64%
Security - Information
All Respondents 6.94% 12.50% 32.29% 30.90% 17.36%
Very Immature 29.41% 17.65% 23.53% 17.65% 11.76%
Immature 14.58% 18.75% 33.33% 27.08% 6.25%
Average 4.39% 14.04% 43.86% 28.07% 9.65%
Mature 3.45% 5.75% 24.14% 41.38% 25.29%
Very Mature 0.00% 13.64% 9.09% 22.73% 54.55%
Security - Physical
All Respondents 6.55% 12.76% 31.72% 29.66% 19.31%
Very Immature 31.25% 25.00% 12.50% 12.50% 18.75%
Immature 6.00% 12.00% 38.00% 28.00% 16.00%
Average 5.26% 14.91% 35.96% 31.58% 12.28%
Mature 4.55% 7.95% 30.68% 32.95% 23.86%
Very Mature 4.55% 13.64% 13.64% 22.73% 45.45%
Senior Management Participation/ Sponsorship
All Respondents 5.19% 11.76% 26.99% 35.29% 20.76%
Very Immature 31.25% 18.75% 18.75% 18.75% 12.50%
Immature 4.00% 28.00% 30.00% 26.00% 12.00%
Average 5.31% 10.62% 39.82% 25.66% 18.58%
Mature 2.27% 3.41% 17.05% 56.82% 20.45%
Very Mature 0.00% 9.09% 0.00% 31.82% 59.09%
Strategic Plan/ Corporate Mission Statement
All Respondents 9.38% 18.75% 28.13% 29.86% 13.89%
Very Immature 37.50% 18.75% 18.75% 18.75% 6.25%
Immature 8.16% 30.61% 30.61% 24.49% 6.12%
Average 10.62% 20.35% 32.74% 24.78% 11.50%
Mature 3.41% 11.36% 26.14% 43.18% 15.91%
Very Mature 9.09% 13.64% 13.64% 22.73% 40.91%
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 16
Status of Business Continuity Management Program ~ Multiple Selections Allowed
% of Resp Int’l
Program Status by Program Maturity Rating
Very Immature Immature Average Mature
Very Mature
There are no business continuity and/or IT disaster
recovery plans in place. 0.61% 0.95% 0.27% 0.29% 0.00% 5.12%
Off-site data recovery only. 5.92% 26.67% 7.49% 5.32% 3.37% 6.51%
There are contingency plans in place for IT DR functions
only. 15.96% 39.05% 34.22% 12.48% 10.10% 13.95%
Some departments/divisions have business continuity
plans. 43.34% 62.86% 68.18% 51.84% 24.47% 27.91%
Currently obtaining or have management support and
formulating the BCM program framework to include
contingency strategies, resiliency needs, recovery
objectives, operational and enterprise risk management
and crisis management plans.
39.37% 50.48% 67.38% 46.23% 26.04% 7.44%
Currently conducting BIA or risk assessments. 47.50% 50.48% 60.43% 53.09% 42.87% 15.81%
Currently developing and implementing BC and/or IT DR
plans that meet the needs of the organization. 48.57% 62.86% 68.72% 58.61% 33.33% 21.40%
Currently assessing an Emergency Operations Center. 12.79% 13.33% 25.13% 12.77% 9.32% 5.58%
Currently implementing an Emergency Operations
Center. 15.20% 19.05% 26.20% 14.89% 12.79% 5.58%
A full functioning Emergency Operations Center is in
place. 54.30% 27.62% 27.27% 50.87% 66.22% 81.40%
Policies and procedures are in place to interact and
coordinate with external agencies in times of a disaster. 60.02% 40.00% 34.76% 52.61% 77.22% 78.14%
A Crisis Management process and plan is in place. 79.95% 43.81% 62.03% 80.37% 89.00% 89.30%
A Crisis Communications program is in place. 78.20% 60.00% 53.74% 78.82% 85.07% 98.14%
Considering conducting an enterprise risk assessment for
the board and/ or senior management. 15.88% 31.43% 29.95% 20.21% 5.95% 4.19%
Currently conducting an enterprise risk assessment for
the board and/ or senior management. 17.49% 24.76% 18.45% 13.25% 22.67% 11.16%
Incorporated a full enterprise risk management program
with controls in place to avoid or mitigate potential risks. 35.97% 24.76% 4.81% 33.08% 46.80% 64.65%
Implemented a full functioning, corporate wide BCM
program that meets the organization’s contingency,
resiliency, risk management, emergency management
and crisis management needs.
55.33% 7.62% 23.26% 45.36% 79.91% 80.47%
Implemented an awareness and training program to
promote and educate the entire organization on the BCM
program.
55.56% 26.67% 31.82% 52.22% 68.80% 72.09%
Maintain an assessment and audit schedule of the BCM
program to ensure the program is up to date and
complete.
53.61% 21.90% 31.28% 53.19% 63.30% 69.77%
Maintain an exercise schedule in order to identify new
potential vulnerabilities or weaknesses in the current
BCM program. Analyze findings to elevate the program.
72.78% 21.90% 37.70% 72.63% 88.22% 95.35%
Currently developing a pandemic preparedness policy. 7.48% 10.48% 21.66% 8.32% 2.02% 0.00%
Currently implementing a pandemic preparedness policy. 4.77% 10.48% 6.42% 7.16% 1.80% 0.00%
Please choose all that apply to describe your organization’s curr ent continuity program status under your direction and management. Please check all that apply. (An assessment of USA respondents.) * “% of Resp” column will exceed 100% due to multiple selections.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 17
A full functioning pandemic preparedness policy is in
place. 73.96% 38.10% 41.44% 70.99% 92.59% 85.12%
Currently developing an executive/leadership transition
plan. 16.53% 50.48% 25.94% 21.28% 5.72% 5.58%
Currently implementing an executive/leadership
transition plan. 6.07% 0.00% 0.00% 8.90% 6.40% 4.65%
A full functioning executive/leadership transition is in
place. 34.86% 16.19% 10.70% 26.89% 53.20% 48.37%
Highlighted figures indicate the highest figures in each column by program maturity.
Indicates areas of improvement. Highlighted percent figures represent the highest percent for each selection of program status.
Program Maturity Rating Avg Budget
Avg Total FTE
Avg Total PTE
Avg Number of Disciplines in
Program
Very Immature $251,111 USD 0.94 0.53 5.4
Immature $898,656 USD 3.34 1.28 3.8
Average $1,241,713 USD 2.95 6.02 5.0
Mature $1,924,299 USD 3.76 3.63 5.2
Very Mature $3,850,000 USD 7.43 8.37 4.8
Individual responses for program budgets varied between $1,000 to $50,000,000 USD. Data findings indicate a
correlation between average program budgets and industry, size of company and/or company revenues.
47.78%
20.57%
31.65%
Budgeting of Program Expenses
Program expenses are allocated independently f rom other functions
within the organization.
Program expenses are allocated to other department(s).
Program expenses do NOT have a def ined budget.
An assessment of the average business continuity mana gement budget (approximate/ estimated
expenses spent), average number of dedicated full -time and part-time personnel, average
number of disciplines managed in a program and the average pro gram maturity rating by
country. (An assessment of USA respondents.)
Describe how continuity program expenses are budgeted under your direction and management?
(An assessment of USA respondents.)
Budgeting
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 18
$0
$500,000
$1,000,000
$1,500,000
$2,000,000
$2,500,000
$3,000,000
Program expenses are allocated independently from
other functions within the organization.
Program expenses are allocated to other department(s).
Program expenses do NOT have a defined budget.
$1,515,813
$2,528,585
$805,521
Budgeting of Program Expenses
Budget Line Item % of Resp Include
Budget Item in
Total Budget
% of Total
Budget
Average
Budget Amount
Full Time Internal Staff 73.02% 41.04% $350,335.31
Consultants/ Contractors (Business focus) 36.33% 10.21% $112,146.04
Consultants/ Contractors (IT focus) 30.22% 4.33% $ 67,083.33
Emergency Operations Center (EOC) 33.45% 7.96% $ 70,794.41
Emergency Supplies 41.01% 4.79% $191,179.21
Hardware 38.49% 12.95% $248,674.25
Hot-site/ Outsourced Alternate Site 48.20% 25.19% $368,942.99
Internal Recovery Site 33.09% 9.76% $260,590.45
Software 47.12% 8.98% $ 69,268.20
Notification/ Alerts 52.16% 5.02% $ 35,042.23
Mobile Recovery 26.62% 3.23% $ 25,226.35
DR Technology 35.61% 13.06% $791,648.48
Exercises 65.83% 7.03% $ 74,121.22
Training /Awareness 62.95% 6.90% $ 48,827.90
Travel 59.71% 5.67% $ 59,849.08
Other 18.71% 1.30% $ 31,548.08
Average Total - - $1,531,268 USD*
* All questionable or incomplete budget information was verified by directly contacting the study respondent. Questionable data responses that couldn’t be
confirmed were removed.
“Other” budget line items as noted by study participants: Asset Protection - Global Call Center, E-Notify System, Network , Pandemic supplies, Record Retention .
Table shows a correlation between three different questions. First Question – Please specify
what is accounted for in your annual budget. Please check box if the line item is currently
included in your program budget. Second Question – Please indicate the percent of the overall
program budget for each line item. Third Question – What is your company’s approximate
annual budget for contingency related program expenses? (An assessment of USA respondents.)
* “% of Resp Included Budget Item” column will not 100% due to open/ multiple selections.
* The amount listed in the “Average Budget Amount” column was automatically calculated per study respondent based on the total budget and the
% of total budget for each line item. The average was then calculated for all study respondents.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 19
Budget Item Increased Decreased Unchanged Not Sure Full Time Internal Staff 24.79% 2.56% 64.96% 7.69%
Consultants/ Contractors (Business focus) 17.19% 14.06% 62.50% 6.25%
Consultants/ Contractors (IT focus) 9.09% 20.45% 54.55% 15.91%
Emergency Operations Center (EOC) 12.24% 2.04% 85.71% 0.00%
Emergency Supplies 8.57% 2.86% 87.14% 1.43%
Hardware 22.22% 6.35% 53.97% 17.46%
Hot-site/ Outsourced Alternate Site 24.44% 8.89% 60.00% 6.67%
Internal Recovery Site 15.22% 4.35% 67.39% 13.04%
Software 14.13% 6.52% 71.74% 7.61%
Notification/ Alerts 13.19% 2.20% 82.42% 2.20%
Mobile Recovery 4.17% 8.33% 75.00% 12.50%
DR Technology 30.36% 1.79% 50.00% 17.86%
Exercises 15.11% 3.60% 77.70% 3.60%
Training /Awareness 16.42% 2.99% 76.87% 3.73%
Travel 22.88% 10.17% 62.71% 4.24%
Other 40.00% 20.00% 40.00% 0.00%
Average % 17.44% 5.76% 70.07% 6.73%
Budget Item Increased Decreased Full Time Internal Staff 9.41% 40.00%
Consultants/ Contractors (Business focus) 6.50% 25.71%
Consultants/ Contractors (IT focus) 1.00% 18.57%
Emergency Operations Center (EOC) 40.67% 5.00%
Emergency Supplies 8.40% 75.00%
Hardware 9.25% 3.50%
Hot-site/ Outsourced Alternate Site 10.00% 5.00%
Internal Recovery Site 23.33%
Software 4.88% 27.75%
Notification/ Alerts 13.90% 80.00%
Mobile Recovery 3.00% 100.00%
DR Technology 11.83%
Exercises 8.67% 16.25%
Training /Awareness 18.38% 20.00%
Travel 12.33% 19.33%
Other 7.00% 5.00%
Please specify budget revisions for the next year for each budget line item – Increase, Decrease,
Remain the Same, or Not Sure. (An assessment of USA respondents.)
For each line item, if the budget increased or decreased then what percent do you anticipate the
budget for that line item to increase or decrease? (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 20
Individual responses for number of full-time, dedicated personnel to the program varied between 1 and 350.
Individual responses for number of full-time, dedicated personnel to the Business Continuity Planning varied
between 1 and 23. 53% of the respondents indicated having 1 or more full-time, dedicated personnel headcount
under their direct management and supervision. Data findings indicate a correlation between number of dedicated
personnel and industry, size of company and/or company revenues.
Disciplines – Current Personnel Minimum
FTE Avg FTE
Maximum FTE
Avg PTE % of Resp
Multi-Discipline 1 7.21 350 12.26 88.52%
Audit 1 1.63 3 6.67 5.47%
Business Continuity Process (Business Focus)
1 2.58 23 7.44 52.58%
Compliance 1 1.42 3 2.22 9.38%
Crisis Management 1 1.9 6 4.6 28.83%
Disaster Recovery Process (IT Focus) 1 2.26 7 13.15 21.02%
Emergency Management 1 2.01 12 3.54 27.89%
Facilities Management 1 1.61 3 1.25 3.98%
Health & Safety – Occupational 1 11.50 22 1.33 5.78%
Health & Safety - Environmental 1 1.5 3 1.33 5.16%
Information Technology 1 2.67 10 52 6.09%
Pandemic Planning 1 1.95 8 5.89 29.45%
Records Management 1 1.44 5 4.75 5.39%
Risk Management – Enterprise 1 1.13 3 2.33 8.05%
Risk Management – Insurance 1 1.06 2 3.00 0.94%
Risk Management – Operational 1 1.43 4 1.67 11.02%
Security – Information 1 2.63 6 53.67 3.91%
Security – Physical 1 33.93 300 49.25 9.45%
Other 1 2.88 9 1.5 3.91%
Average Total 11.64 24.64
Average number of discipline FTE and PTE staff is the average only for those study respondents that indicated managing that specific discipline in their
program and having staff dedicated to that discipline.
Personnel
Table shows a correlation between two different questions. First Question – Please specify all
the disciplines that you personally manage. Select all that apply. Second Question - If you
personally manage more than one discipline within your program, please indicate how many
full-time employees (FTE) and/ or part-time employees (PTE) you have dedicated to your
continuity program? Please confirm that the number below is the total FTE and PTE headcount
for all locations under your direction and management. (Auto-sum function built into study.)
(An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 21
18%
32%
50%
Hiring in the Next Year
Yes
No
Not Sure
Disciplines – Hiring Personnel Avg FTE Avg PTE % of Resp Multi-Discipline 3.30 1.46 67.70%
Audit 2.00 1.00 2.33%
Business Continuity Process (Business Focus) 1.25 1.14 33.85%
Compliance 1.33 1.00 5.84%
Crisis Management 1.00 1.00 19.07%
Disaster Recovery Process (IT Focus) 1.44 1.00 13.62%
Emergency Management 1.00 1.00 15.95%
Facilities Management 1.00 0.00 2.72%
Health & Safety – Occupational 0.00 0.00 3.50%
Health & Safety - Environmental 0.00 0.00 1.95%
Information Technology 1.00 0.00 3.89%
Pandemic Planning 0.00 0.00 18.68%
Records Management 0.00 0.00 3.50%
Risk Management – Enterprise 1.00 1.00 2.33%
Risk Management – Operational 0.00 1.00 4.67%
Security – Information 0.00 0.00 1.95%
Security – Physical 1.00 0.0 4.67%
Other 1.00 1.00 2.72%
Average Total 3.31 1.40
Average number of discipline FTE and PTE staff of anticipated hires is the average only for those study respondents that indicated managing that specific
discipline in their program and having staff dedicated to that discipline.
Table shows a correlation between two different questions. First Question – Please specify all
the disciplines that you personally manage. Select all that apply. Second Question - If you
personally manage more than one discipline within your program, please indicate how many
full-time employees (FTE) and/ or part-time employees (PTE) dedicated to the continuity
program you plan to hire in the next year? Please confirm that the number below is the total
number of proposed new personnel for all locations under your direction and management.
(Auto-sum function built into study.) (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 22
Will you be reducing your full-time dedicated continuity program staff in the next year under
your direction and management? (An assessment of USA respondents.)
If yes, what are the reasons for reducing your dedicated contin uity program staff in the next
year? Please select all that apply. (An assessment of USA respondents.) * Total percent may exceed 100% due to multiple selections.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 23
Department Owner % of Resp
Program Best Situated for Maximum Visibility
Considering a Different
Department Owner?
Strongly disagree Disagree Neutral Agree
Strongly agree Yes No
Assurance/ Compliance 1.37% 0.00% 50.00% 0.00% 50.00% 0.00% 25.00% 75.00%
Audit - Internal 1.37% 25.00% 0.00% 50.00% 25.00% 0.00% 25.00% 75.00%
Business Continuity Office 16.04% 14.89% 4.26% 17.02% 34.04% 29.79% 17.02% 82.98%
Corporate Offices 5.46% 12.50% 6.25% 37.50% 18.75% 25.00% 6.25% 93.75%
Emergency/ Crisis Management 5.46% 0.00% 6.25% 18.75% 31.25% 43.75% 0.00% 100.00%
Facilities Management 3.07% 22.22% 22.22% 33.33% 0.00% 22.22% 0.00% 100.00%
Finance 3.41% 10.00% 10.00% 10.00% 50.00% 20.00% 20.00% 80.00%
Human Resources 1.37% 0.00% 25.00% 50.00% 25.00% 0.00% 25.00% 75.00%
Information Technology 26.28% 18.42% 21.05% 26.32% 22.37% 11.84% 19.48% 80.52%
Legal Counsel 1.37% 0.00% 33.33% 66.67% 0.00% 0.00% 75.00% 25.00%
Operations 5.12% 6.67% 13.33% 33.33% 20.00% 26.67% 6.67% 93.33%
Program Management Office 2.39% 14.29% 28.57% 42.86% 0.00% 14.29% 28.57% 71.43%
Risk Management 8.87% 3.85% 15.38% 3.85% 34.62% 42.31% 3.85% 96.15%
Security – Information 7.51% 22.73% 22.73% 18.18% 22.73% 13.64% 4.55% 95.45%
Security – Physical 4.78% 0.00% 14.29% 28.57% 50.00% 7.14% 14.29% 85.71%
Strategic Planning 0.34% 0.00% 0.00% 0.00% 100.00% 0.00% 0.00% 100.00%
Individual business units 1.37% 25.00% 50.00% 0.00% 25.00% 0.00% 25.00% 75.00%
Other 4.44% 7.69% 0.00% 15.38% 46.15% 30.77% 23.08% 76.92%
Highlighted figures indicate the highest figures by row of department owner.
Indicates the top three department owners by percent of respondents.
Indicates the top percent of study respondents who indicted “strongly disagree” for program organizational reporting structure.
Indicates the top percent of study respondents who indicted “strongly agree” for program organizational reporting structure.
“Other” Department Owners as noted by study participants: Administrative Operations, Business Quality Office, Chief Executive Officer, Compliance, Fire, Office of the CEO , Physical Security, Business Continuity,
Crisis & Emergency Management, Procurement and Administration, Quality Management , Risk and Compliance Management , Safety /Loss Control, Senior management , Technology Chief Information Officer
Organizational Reporting Structure
Table shows a correlation between three different questions. First Question - Which department
best describes the reporting structure of your program under your direction and management?
Please select the best response from the following departments. Second Question – Under the
current department ownership, do you agree that the continuity prog ram is best situated within
your organization for maximum visibility? Selection choices include strongly disagree, disagree,
neutral, agree and strongly agree. Third Question - Is your organization considering a different
department owner for the continuity program to maximize visibility? (An assessment of USA
respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 24
Department Owner Very
Immature Immature Average Mature Very
Mature
Assurance/ Compliance 5.88% 2.00% 0.00% 2.27% 0.00%
Audit - Internal 0.00% 2.00% 1.72% 1.14% 0.00%
Business Continuity Office 5.88% 12.00% 13.79% 20.45% 27.27%
Corporate Offices 5.88% 4.00% 5.17% 4.55% 13.64%
Emergency/ Crisis
Management 0.00% 6.00% 5.17% 7.95% 0.00%
Facilities Management 5.88% 6.00% 2.59% 1.14% 4.55%
Finance 0.00% 2.00% 5.17% 2.27% 4.55%
Human Resources 0.00% 2.00% 1.72% 1.14% 0.00%
Information Technology 47.06% 20.00% 24.14% 28.41% 27.27%
Legal Counsel 0.00% 2.00% 0.86% 2.27% 0.00%
Operations 5.88% 4.00% 4.31% 5.68% 9.09%
Program Management
Office 0.00% 4.00% 3.45% 1.14% 0.00%
Risk Management 5.88% 10.00% 10.34% 7.95% 4.55%
Security – Information 5.88% 8.00% 9.48% 4.55% 9.09%
Security – Physical 5.88% 10.00% 4.31% 3.41% 0.00%
Strategic Planning 0.00% 0.00% 0.86% 0.00% 0.00%
Individual business units 0.00% 2.00% 1.72% 1.14% 0.00%
Other 5.88% 4.00% 5.17% 4.55% 0.00%
Highlighted figures indicate the highest figures for each department owner by row.
If you are not considering a different department owner for the continuity program, which
department(s) would you prefer? Select all that apply. (An assessment of USA respondents.) - Total percent will exceed 100% due to multiple selections.
Table shows a correlation between two different questions. First Question - Which department
best describes the reporting structure of your program under your direction and managem ent?
Please select the best response from the following departments. Second Question – In your
opinion, how would you rate the maturity of your program? Please rate on a scale of 1 to 5 with
1 meaning VERY IMMATURE and 5 meaning VERY MATURE. (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 25
If you are considering a different department owner for the continuity program, which
department(s) is being considered? Select all that apply . (An assessment of USA respondents.) - Total percent will exceed 100% due to multiple selections.
Program Sponsorship
Please specify by job title who is totally engaged and sponsoring the continuity program
functions. Please select the best response. (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 26
Program Sponsor Very
Immature Immature Average Mature Very
Mature Board/ General Council/ Executive Committee
11.76% 7.84% 4.24% 15.22% 9.09%
President 17.65% 5.88% 2.54% 2.17% 0.00%
CEO – Chief Executive Officer
0.00% 0.00% 5.93% 9.78% 13.64%
CIO/ CTO – Chief Information Officer/ Chief Technology Officer
23.53% 21.57% 16.95% 19.57% 22.73%
CSO/ CISO – Chief Security Officer/ Chief Information Security Officer
0.00% 5.88% 5.08% 3.26% 4.55%
CFO – Chief Financial Officer
0.00% 9.80% 9.32% 9.78% 13.64%
COO – Chief Operating Officer
0.00% 5.88% 6.78% 9.78% 13.64%
CAO – Chief Administrative Officer
0.00% 0.00% 3.39% 1.09% 4.55%
CRO – Chief Risk Officer
5.88% 3.92% 8.47% 0.00% 4.55%
CCO – Chief Compliance Officer
5.88% 5.88% 1.69% 2.17% 0.00%
CCO – Chief Continuity Officer
0.00% 1.96% 0.00% 1.09% 0.00%
Other Chief Title 0.00% 0.00% 2.54% 0.00% 0.00%
Executive VP, Executive Director, General Manager
0.00% 0.00% 5.93% 6.52% 4.55%
Senior VP, Senior Director, Senior Manager
0.00% 13.73% 9.32% 5.43% 4.55%
VP/ Director 11.76% 7.84% 10.17% 6.52% 0.00%
Assistant VP, Assistant Director, Manager
5.88% 1.96% 1.69% 2.17% 4.55%
Specialist, Coordinator, Planner
0.00% 1.96% 3.39% 3.26% 0.00%
Other 17.65% 5.88% 2.54% 2.17% 0.00%
Highlighted figures indicate the highest figures for each sponsor by row.
Table shows a correlation between two different questions. First Question - Please specify by job
title who is totally engaged and sponsoring the continuity program functions. Please select the
best response. Second Question – In your opinion, how would you rate the maturity of your
program? Please rate on a scale of 1 to 5 with 1 meaning VERY IMMATURE and 5 meaning VERY
MATURE. (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 27
Sponsoring Job Title
How is Engaged is this Individual?
1 – Very Little Involvement 2 3 4
5 – Very Involved
Board/ General Council/ Executive Committee 3.70% 14.81% 25.93% 29.63% 25.93%
President 9.09% 9.09% 18.18% 18.18% 45.45%
CEO – Chief Executive Officer 5.26% 15.79% 5.26% 42.11% 31.58%
CIO/ CTO – Chief Information Officer/ Chief Technology Officer 1.72% 10.34% 17.24% 39.66% 31.03%
CSO/ CISO – Chief Security Officer/ Chief Information Security Officer 7.69% 0.00% 15.38% 38.46% 38.46%
CFO – Chief Financial Officer 3.57% 14.29% 35.71% 32.14% 14.29%
COO – Chief Operating Officer 4.35% 8.70% 30.43% 39.13% 17.39%
CAO – Chief Administrative Officer 0.00% 0.00% 33.33% 33.33% 33.33%
CRO – Chief Risk Officer 0.00% 14.29% 21.43% 35.71% 28.57%
CCO – Chief Compliance Officer 0.00% 37.50% 0.00% 25.00% 37.50%
CCO – Chief Continuity Officer 0.00% 0.00% 0.00% 50.00% 50.00%
Other Chief Title 0.00% 0.00% 33.33% 0.00% 66.67%
Highlighted figures indicate the highest figures for each sponsor by row.
Level of Separation from Executive Committee
% of Resp
Program Best Situated for Maximum Visibility
Considering a Different Level of
Sponsorship?
Strongly disagree Disagree Neutral Agree
Strongly agree Yes No
0 48.66% 5.52% 7.59% 12.41% 33.10% 41.38% 4.14% 95.86%
1 29.53% 7.95% 19.32% 20.45% 36.36% 15.91% 7.95% 92.05%
2 12.08% 22.22% 22.22% 25.00% 27.78% 2.78% 22.22% 77.78%
3 5.70% 5.88% 47.06% 35.29% 11.76% 0.00% 11.76% 88.24%
4 2.68% 25.00% 12.50% 62.50% 0.00% 0.00% 0.00% 100.00%
5 0.67% 0.00% 0.00% 100.00% 0.00% 0.00% 50.00% 50.00%
6+ 0.67% 0.00% 0.00% 50.00% 0.00% 50.00% 0.00% 100.00%
Highlighted figures indicate the highest figures for each level of separation by row.
If the program is being sponsored by a Chief Officer or above, is this person really engaged in
your opinion? Rate on a scale of 1 to 5 with 1 meaning Very Little Involvement and 5 meaning
Very Involve. (An assessment of USA respondents.)
Table shows a correlation between three different questions. First Question – What is the level
of separation from the Executive Committee for this individual? Selection choices include 0 to
6+. Second Question – Based on the current level of separation from the Executive Committee,
do you agree that the continuity program is best situated within your organization for maximum
visibility? Selection choices include strongly disagree, disagree, neutral, agree and strongly
agree. Third Question - Is your organization considering a different level of sponsorship for the
continuity program to maximize visibility? (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 28
If you are not considering a different level of separation from the Executive Committee for the
continuity program, which level of separation would you prefer? (An assessment of USA
respondents.)
If you are considering a different level of separation from the Executive Committee for the
continuity program, to the best of your knowledge, what level of separation from the Executive
Committee is being considered? (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 29
Review & Update the BIA – Critical Processes
Very Immature Immature Average Mature
Very Mature
Every six months 17.65% 43.14% 48.28% 50.56% 36.36%
Annually 11.76% 1.96% 7.76% 8.99% 13.64%
Every other year 5.88% 19.61% 15.52% 19.10% 27.27%
Every three years 5.88% 9.80% 10.34% 10.11% 9.09%
Less often than three years 11.76% 9.80% 10.34% 10.11% 13.64%
Never 47.06% 15.69% 7.76% 1.12% 0.00%
Highlighted figures indicate the highest figures for each row.
Program Assessment & Exercising Plans
How often does your company review and update the BIA for organizational processes dee med
critical and non-critical? (An assessment of USA respondents.)
Table shows a correlation between two different questions. First Question - How often does your
company review and update the BIA for organizational processes deemed critical? Second
Question – In your opinion, how would you rate the maturity of your program? Please rate on a
scale of 1 to 5 with 1 meaning VERY IMMATURE and 5 mea ning VERY MATURE. (An assessment
of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 30
Review & Update the BIA – Non-Critical Processes
Very Immature Immature Average Mature
Very Mature
Every six months 12.50% 30.00% 39.66% 37.50% 27.27%
Annually 0.00% 0.00% 1.72% 5.68% 4.55%
Every other year 0.00% 18.00% 19.83% 21.59% 36.36%
Every three years 6.25% 10.00% 10.34% 7.95% 0.00%
Less often than three years 6.25% 12.00% 17.24% 15.91% 22.73%
Never 75.00% 30.00% 11.21% 11.36% 9.09%
Highlighted figures indicate the highest figures for each row.
In your opinion, does your organization leverage the outcome of the BIA and/ or risk
assessments to elevate the program? Please rate on a scale of 1 to 5 with 1 meaning Strongly
Disagree and 5 meaning Strongly Agree. (An assessment of USA respondents.)
Table shows a correlation between two different questions. First Question - How often does your
company review and update the BIA for organizational processes deemed non-critical? Second
Question – In your opinion, how would you rate the maturity of your program? Please rate on a
scale of 1 to 5 with 1 meaning VERY IMMATURE and 5 meaning VERY MATURE. (An assessment
of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 31
Never Daily Weekly Monthly Quarterly Twice a
year Annually
Every other year
Less than every other
year
Mission Critical IT Assets
1.19% 0.79% 0.79% 2.78% 14.29% 22.22% 53.57% 3.17% 1.19%
Mission Critical Business Functions
1.97% 0.00% 0.00% 1.57% 7.87% 16.54% 63.78% 5.12% 3.15%
Less Critical IT Assets
17.74% 0.40% 0.00% 0.81% 3.23% 7.26% 36.69% 17.34% 16.53%
Less Critical Business Functions
17.00% 0.40% 0.00% 0.40% 2.37% 5.93% 42.29% 17.39% 14.23%
Highlighted figures indicate the highest figures for each column.
Do you exercise your program? (An assessment of USA respondents.)
How often do you exercise plans for Mission Critical IT Assets, Mission Critical Business
Functions, Less Critical IT Assets and Less Critical Business Functions? (An assessment of USA
respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 32
Testing Plans – Mission Critical IT Assets
Very Immature Immature Average Mature
Very Mature
Daily 0.00% 0.00% 0.00% 1.19% 5.00%
Weekly 0.00% 0.00% 0.96% 1.19% 0.00%
Monthly 0.00% 0.00% 3.85% 3.57% 0.00%
Quarterly 11.11% 14.29% 16.35% 9.52% 25.00%
Twice a year 11.11% 14.29% 20.19% 25.00% 40.00%
Annually 77.78% 62.86% 50.00% 57.14% 30.00%
Every other year 0.00% 5.71% 4.81% 1.19% 0.00%
Less than every other year 0.00% 2.86% 1.92% 0.00% 0.00%
Never 0.00% 0.00% 1.92% 1.19% 0.00%
Highlighted figures indicate the highest figures for each row.
Testing Plans – Mission Critical Business Functions
Very Immature Immature Average Mature
Very Mature
Daily 0.00% 0.00% 0.00% 0.00% 0.00%
Weekly 0.00% 0.00% 0.00% 0.00% 0.00%
Monthly 0.00% 0.00% 1.90% 1.20% 4.76%
Quarterly 0.00% 5.56% 8.57% 4.82% 23.81%
Twice a year 11.11% 19.44% 12.38% 19.28% 23.81%
Annually 66.67% 61.11% 65.71% 67.47% 42.86%
Every other year 0.00% 5.56% 4.76% 6.02% 4.76%
Less than every other year 0.00% 5.56% 4.76% 1.20% 0.00%
Never 22.22% 2.78% 1.90% 0.00% 0.00%
Table shows a correlation between two different questions. First Question - How often do you
exercise plans for Mission Critical IT Assets? Second Question – In your opinion, how would you
rate the maturity of your program? Please rate on a scale of 1 to 5 with 1 meaning VERY
IMMATURE and 5 meaning VERY MATURE. (An assessment of USA respondents.)
Table shows a correlation between two different questions. First Question - How often do you
exercise plans for Mission Critical Business Functions? Second Question – In your opinion, how
would you rate the maturity of your program? Please rate on a scale of 1 to 5 with 1 meaning
VERY IMMATURE and 5 meaning VERY MATURE. (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 33
Highlighted figures indicate the highest figures for each row.
Testing Plans – Less Critical IT Assets
Very Immature Immature Average Mature
Very Mature
Daily 0.00% 0.00% 0.00% 1.20% 0.00%
Weekly 0.00% 0.00% 0.00% 0.00% 0.00%
Monthly 0.00% 0.00% 0.98% 1.20% 0.00%
Quarterly 0.00% 2.94% 0.98% 2.41% 20.00%
Twice a year 0.00% 11.76% 7.84% 2.41% 20.00%
Annually 33.33% 26.47% 36.27% 43.37% 30.00%
Every other year 22.22% 17.65% 10.78% 24.10% 20.00%
Less than every other year 11.11% 20.59% 22.55% 10.84% 5.00%
Never 33.33% 20.59% 20.59% 14.46% 5.00%
Highlighted figures indicate the highest figures for each row.
Testing Plans – Less Critical Business Functions
Very Immature Immature Average Mature
Very Mature
Daily 0.00% 0.00% 0.00% 1.19% 0.00%
Weekly 0.00% 0.00% 0.00% 0.00% 0.00%
Monthly 0.00% 0.00% 0.97% 0.00% 0.00%
Quarterly 0.00% 2.78% 0.97% 0.00% 19.05%
Twice a year 0.00% 2.78% 7.77% 2.38% 19.05%
Annually 33.33% 33.33% 42.72% 50.00% 28.57%
Every other year 22.22% 16.67% 13.59% 21.43% 19.05%
Less than every other year 0.00% 11.11% 17.48% 14.29% 9.52%
Never 44.44% 33.33% 16.50% 10.71% 4.76%
Table shows a correlation between two different questions. First Question - How often do you
exercise plans for Less Critical IT Assets? Second Question – In your opinion, how would you
rate the maturity of your program? Please rate on a scale of 1 to 5 with 1 meaning VERY
IMMATURE and 5 meaning VERY MATURE. (An assessment of USA respondents.)
Table shows a correlation between two different questions. First Question - How often do you
exercise plans for Less Critical Business Functions? Second Question – In your opinion, how
would you rate the maturity of your program? Please rate on a scale of 1 to 5 with 1 meaning
VERY IMMATURE and 5 meaning VERY MATURE. (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 34
Highlighted figures indicate the highest figures for each row.
What type of scenarios have you implemented to exercise your plans? Select all that apply. (An
assessment of USA respondents.) - Total percent will exceed 100% due to multiple selections.
How often do your internal audit department and external auditor review your program? (An
assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 35
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
Internal Audit of Program by Program Maturity
Very Immature
Immature
Average
Mature
Very Mature
0%
10%
20%
30%
40%
50%
60%
External Audit of Program by Program Maturity
Very Immature
Immature
Average
Mature
Very Mature
Table shows a correlation between two differen t questions. First Question - How often do
Internal Auditors review your program? Second Question – In your opinion, how would you rate
the maturity of your program? Please rate on a scale of 1 to 5 with 1 meaning VERY IMMATURE
and 5 meaning VERY MATURE. (An assessment of USA respondents.)
Table shows a correlation between two different questions. First Question - How often do
External Auditors review your program? Second Question – In your opinion, how would you rate
the maturity of your program? Please rate on a scale of 1 to 5 with 1 meaning VERY IMMATURE
and 5 meaning VERY MATURE. (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 36
Recovery Time
When a critical system fails, what is your contingency program’s point of failure to poin t of
availability/ up time for the service? (An assessment of USA respondents.)
What is your estimated financial loss per hour for every hour of downtime? Please consider all
potential losses.. (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 37
Third Party Hot-Site/ Alternate Site Providers % of Resp Agility Recovery Solutions 6.86%
AT&T 16.18%
CoSentry 2.94%
Dell 8.33%
DRS 0.98%
EDS 4.41%
Equinix, Inc. 2.94%
Fujitsu 4.41%
Hewlett-Packard 17.16%
Hitachi 4.41%
Hosted Continuity 2.45%
IBM 33.33%
Infosys 1.96%
Iron Mountain 15.20%
Qwest 1.96%
Recovery Point Systems 0.98%
Rentsys 6.37%
SunGard 60.78%
Wanbishi 0.98%
Technology Recovery Solutions
Do you contract with a third-party hot site/ alternate site technology recovery vendor under
your direction and management? (An assessment of USA respondents.)
.
If yes, who is your third party hot-site/ alternate site technology recovery vendor? Select all
that apply. (An assessment of USA respondents.) - Total percent may exceed 100% due to multiple selections.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 38
Wipro Technologies/ Infocrossing 0.98%
Other 31.86%
Other Responses for Hot-Site/ Alternate Site Providers: A vendor we work with in Chennai India; ACS, CyrusOne; Amazon Cloud Services; Another State Agency; Another state agency; Arise, Live Ops; Bankup;
CDW, Insight; COLO5; CSX; Cervalis and ColoSpace; Cervalis; CoSentry; DBSI & own hotsite; DBSi; DRS; EMC, RecoveryPlanner; Expediant; Fibertown;
Hewlett-Packard; IBM; Iron Mountain ; Mutual Agreement with other utility; NEMRIC; National Modular Bank Buildings, Watermark Restoration Inc, Fuel
Specialties; Northrop Grumman; Peak 10; Pitney Bowes; Presidio; Qwest ; Regus; Rentsys; State of Wisconsin and TW Telecom; SunGard; TBD; Tonaquint
Data Center (St George, Utah); Verzion ; Wipro Technologies/ Infocrossing; cannot disclose; confidential; others; prefer not to identify; savvis;
verizon/terremark;
If currently utilizing a third party hot-site/ alternate site for your technology recovery solution,
are you considering an internal recovery capability? (An assessment of USA respondents.)
Have you changed your technology recovery solution in the last two years? (An assessment of USA
respondents.) (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 39
Technology Solution Being Considered % of Resp Estimated Average Budget Exclusively at vendor location 8.26% $8,733,333.00
Mixed solution between multiple vendors 10.09% $5,695,000.00
Mixed solution between vendor (s) and internal recovery solution 41.28% $3,363,235.00
Internal solutions at primary site 11.01% $1,193,333.00
Internal solutions at alternate site 29.36% $4,423,240.00
If yes, what was your previous technology recovery solution? (An assessment of USA
respondents.)
Are you considering a change to your technology recovery solution in the next year? (An
assessment of USA respondents.)
If yes, please select all technology solutio ns you are considering. To the best of your ability,
please indicate the budget amount being considered. (An assessment of USA respondents.) *Total percent will exceed 100% due to multiple selections.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 40
Cloud Computing
Is your company considering cloud computing in the next year? (An assessment of USA
respondents.)
If yes, please rate the following in your decision making process. (An assessment of USA
respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 41
Consulting Initiatives
How many contractors do you currently employ for your program under your direction and
management? (An assessment of USA respondents.)
If yes, what is the length of the contract for the longest contractor? (An assessment of USA
respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 42
Consulting Work in the Next Year % of Respondents
Assessment
BIA 37.33%
Facility Evaluation 28.00%
Gap analysis 45.33%
None/does not apply 13.33%
Other 13.33%
Risk Assessment 44.00%
Technical 36.00%
Compliance/ Standard
BASEL II 2.67%
BS 31100 (Risk Management) 4.00%
BS25777 4.00%
BS25999 Part 2 Business Continuity Management Systems 17.33%
COBIT 10.67%
DRI International Professional Practices 33.33%
FFIEC 14.67%
Good Practice Guidelines 2008 (BCI) 9.33%
Gramm Leach Bliley Act (GLBA) 8.00%
HIPAA 20.00%
Hong Kong Monetary Authority 1.33%
ISO 20000 IT Service Management 5.33%
ISO 27001 Information Security 6.67%
ISO 9000 Fundamentals and Vocabulary of Quality Systems 1.33%
ISO 9001 Quality Management 2.67%
Joint Commission (Hospitals) 8.00%
Local Banking Superintendency Requirement 1.33%
NFPA 1600 33.33%
None/does not apply 20.00%
Will you be engaging in consulting work in the next year for your program under your direction
and management? (An assessment of USA respondents.)
What consulting initiatives are you planning in the next year in regards to ASSESSMENT,
COMPLIANCE/ STANDARD, BC PROGRAM, DR PROGRAM AND GENERAL MANAGEMENT OF
PROGRAM? (An assessment of USA respondents.)
.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 43
OSHA Compliance 13.33%
Other 25.33%
Patriot Act 5.33%
Sarbanes Oxley 21.33%
SEC Regulations 5.33%
Title IX 2.67%
BC Program (Business Processes)
Awareness 49.33%
Crisis Mgt (Emergency Operations Center) 32.00%
Development 42.67%
Documentation 44.00%
Emergency Management 32.00%
Exercise 58.67%
Implementation 37.33%
None/does not apply 12.00%
Other 2.67%
Pandemic Planning 18.67%
DR Program (IT Processes)
Back-up/Resiliency 36.00%
Development 28.00%
Documentation 32.00%
Exercise 42.67%
High availability/ Operational Resilience 37.33%
Implementation 25.33%
None/does not apply 25.33%
Other 2.67%
General Continuity Consulting
BCM Policy 28.00%
Customer Training 17.33%
Electronic Risk 9.33%
Executive Buy-in 28.00%
Media/ Event Planning 6.67%
None/does not apply 12.00%
Operational Risk 25.33%
Other 2.67%
Project Management 32.00%
Recommendations 30.67%
Software Implementation 33.33%
Software Support 17.33%
Software Upgrade 16.00%
Strategic Planning 38.67%
Vendor Assessment 18.67%
Other Consulting Initiatives for the Next Year:
Assessment Work - Crisis Management/Response, DR Exercise Evaluation/Plan Audit, Just completed a BIA last month, Pandemic Planning, Plan evaluation,
Program Development Support, Reports, Training – software, cost of downtime, no consulting
Compliance/ Standard Work – ASIS/BSI BCM standard, Australian Business Continuity Standard AS/NZS 5050:2010, CIP-009, Commonwealth of Virginia
VDEM COOP Planning Manual, FINRA, HITRUST, Not determined at this time
Other BC Program (Business Processes) Work – Integration of…
Other DR Program (IT Processes) Work – IT Security, no consulting
Other General Continuity Consulting Work – Software Support, Software Upgrade, Testing, Vendor Assessment , no consulting
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 44
Software Providers % of Resp
21st Century Software DR/VFI 10.57%
Archer Technologies Archer SmartSuite Framework 6.17%
Business Protection Systems Int’l Business Protector 1.76%
CAPS Business Recovery Services CAPS BIA 0.88%
CAPS Recovery Planner 1.32%
COOP Systems myCOOP 6.0 3.52%
CPACS, LLC RecoveryPAC Full 0.88%
Crisis Management Software, LCC Crisis Commander 1.32%
eBRP Solutions Inc. Toolkit Suite 0.44%
ESi
Web EOC Professional 7.0 11.01%
Web EOC Air 3.08%
Web EOC FUSION 3.08%
Web EOC – Hospitals 3.08%
Web EOC Mapper Professional 4.85%
Web EOC Resource Manager 4.85%
Evergreen Data Continuity, Inc Mitigator 0.88%
NC4 E-TEAM 4.85%
Office Shadow Shadow-Planner 0.44%
Paradigm Solutions OpsPlanner 0.44%
RecoveryPlanner.com RPX 2.20%
SunGard BIA Professional 36.12%
Incident Manager, powered by Web EOC 4.85%
Vendor Utilization
Do you utilize software planning tools to assist with your Business Continuity Management
program initiatives under your direction and management? (An assessment of USA respondents.)
If yes, which software tool(s) do you utilize? Select all that apply. (An assessment of USA
respondents.) - Total percent may exceed 100% due to multiple selections.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 45
LDRPS 56.39%
Paragon 3.96%
PLANet 0.44%
Tamp Systems (DRS) Disaster Recovery System 0.44%
Virtual Corporation Sustainable Planner 6.61%
Non-BCP Focused Packages (Word, Excel or Sharepoint) 19.38%
In-house/Internally Developed Tool In-house/ Internally Developed Tool 13.22%
Other Other 7.93%
Other Responses for Software Providers: BOLD Planning solutions EMPLANS software, Currently choosing, EnterPlan, Fusion, Fusion Risk Management, Global "AlertLink, Global AlertLink, Kuali
Ready, Living Disaster Recovery Planning System, MIR3, Waypoint, Web Planner
Software Providers Being Considered in the Next Year % of Resp
Avg Budget
21st Century Software DR/VFI 23.14% $200,000.00
Archer Technologies Archer SmartSuite Framework 38.02% $165,000.00
Business Protection Systems Int’l Business Protector 28.93% $150,000.00
CAPS Business Recovery Services CAPS BIA 23.14% $200,000.00
CAPS Recovery Planner 23.14% $200,000.00
Contingency Planning & Outsourcing, Inc CPOtracker 32.23% $ 73,333.33
COOP Systems myCOOP 6.0 52.89% $ 78,571.43
CPACS, LLC
RiskPAC 23.14% $200,000.00
RecoveryPAC Full 23.14% $200,000.00
RecoveryPAC Web 23.14% $200,000.00
Crisis Management Software, LCC Crisis Commander 23.14% $200,000.00
eBRP Solutions Inc. Toolkit Suite 38.84% $ 88,200.00
If not currently utilizing a software tool, are you considering in the next year? If yes, to the best
of your ability, please indicate the budget amount being considered and which software tools
are being considered. (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 46
ESi Web EOC Professional 7.0 11.57% $300,000.00
Evergreen Data Continuity, Inc Mitigator 4.96% $ 25,000.00
LBL Technology Partners LBL Contingency Planner (client/server based) 23.14% $200,000.00
ContingencyPro (web based) 23.14% $200,000.00
Linus Information Security Solutions Revive 23.14% $200,000.00
NC4 E-TEAM 5.79% $100,000.00
Office Shadow Shadow-Planner 25.62% $200,000.00
Paradigm Solutions OpsPlanner 36.36% $116,666.67
Protiviti PACEmaker 23.14% $200,000.00
RecoveryPlanner.com RPX 47.11% $ 73,000.00
SunGard
BIA Professional 33.06% $103,333.33
EPlanner 4.96%
Incident Manager, powered by Web EOC 6.61% $ 50,000.00
LDRPS 56.20% $215,714.29
Paragon 9.92% $100,000.00
PLANet 32.23% $ 86,666.67
Tamp Systems (DRS) Disaster Recovery System 35.54% $ 81,250.00
Virtual Corporation Sustainable Planner 39.67% $ 91,250.00
Non-BCP Focused Packages (Word, Excel or Sharepoint) 34.71% $ 79,166.67
In-house/Internally Developed Tool In-house/ Internally Developed Tool 42.15% $ 56,250.00
Other Other 2.48% $ 40,000.00
Do you utilize automated emergency notification tools to assist with your Business Continuity
Management program initiatives under your direction and management? (An assessment of USA
respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 47
Automated Notification Providers % of Resp
3N 3n InstaCom Enterprise 3.02%
AMCOM e.Notify 1.29%
DCC- Dialogic Communications Corp. The Communicator! NXT 4.31%
Dell Message One AlertFind 13.36%
ESi WebEOC – MIR3 interface 2.43%
MIR3
inEnterprise 0.86%
inAlertCenter 8.19%
inCampusAlert 2.16%
inTechCenter 1.29%
inConnect 2.59%
inWebServices 1.29%
TelAlert 6e 1.72%
TelAlert Failover Support 1.72%
TelAlert Massaging Server 1.72%
TelAlert Voice Server 1.72%
Mission Mode Emergency Notification Alert System 1.29%
PlantCML REVERSE 911 1.29%
Rapid Notify Emergency Notification Services 2.16%
Send Word Now SWN Alert Service 12.50%
SunGard NotiFind, powered by Varolli 15.52%
Paragon Notifications 1.72%
Twenty First Century Communications Crisis Communications Systems (CRISCOM) 1.72%
Varolii
First Responder Communications 1.72%
Enterprise Business Continuity 4.31%
Employee Accountability 2.16%
Utilities – Critical Communications 0.86%
Wallace Wireless
WIC Alerter 3.45%
WIC Messenger 3.45%
WIC Responder 3.45%
Whispir Crisis Mobile 0.43%
Other Other 21.55%
In-house/Internally Developed Tool In-house/Internally Developed Tool 11.21%
Other Responses for Notification Providers: ?cast, Arcos Siren , Command Caller, Communicator, Digital Mailer - Exigent 911, Everbridge, Global AlertLink, GroupCast, Honeywell, Intercall Crisis
Connect provided by MIR3 , Live Process, Message 911, Message Media, Message One back up email., NY-ALERT, NY-ALERT (NY State's notification tool)
One Call, PIER, Part of our BC software package, PlantCML CommunicatorNXT, Cooper Statewide Alert Network (Based on Roam Secure), Premier Global
Systems, RAVE, RPX, Rallypoint, Singlewire, TALX, Tech Radium: IRIS, alarm point, an open source notification system, connected, erms through Recovery
Planner
If yes, which automated notification tool(s) do you u tilize? Select all that apply. (An assessment
of USA respondents.) - Total percent may exceed 100% due to multiple selections.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 48
Automated Notification Providers Being Considered Next Year % of Resp
Avg Budget
3N 3n InstaCom Enterprise 58.16% $ 66,333.33
AMCOM e.Notify 26.53% $107,500.00
DCC- Dialogic Communications Corp. The Communicator! NXT 48.98% $ 68,250.00
Dell Message One AlertFind 38.78% $ 72,000.00
Emergency Communications Network, Inc.
ThunderCall 3.06% $ 15,000.00
ESi WebEOC – MIR3 interface 31.63% $ 24,333.33
MIR3 inEnterprise 58.16% $ 66,333.33
Mission Mode Emergency Notification Alert System 54.08% $ 62,166.67
PlantCML REVERSE 911 27.55% $104,000.00
Rapid Notify Emergency Notification Services 42.86% $ 68,250.00
One Call Now Emergency Notification Service 4.08% $ 17,500.00
Send Word Now SWN Alert Service 71.43% $ 37,750.00
SunGard NotiFind, powered by Varolli 69.39% $ 52,500.00
Paragon Notifications 4.08%
Twenty First Century Communications Crisis Communications Systems (CRISCOM)
33.67% $ 77,500.00
Varolii First Responder Communications 13.27% $ 15,000.00
Enterprise Business Continuity 18.37% $ 29,000.00
Wallace Wireless WIC Responder 8.16% $ 50,000.00
Other Other 9.18% $111,320.00
In-house/Internally Developed Tool In-house/Internally Developed Tool 1.02%
If not currently utilizing an automatic notification t ool, are you considering in the next year? If
yes, to the best of your ability, please indicate the budget amount being considered and which
notification tools are being considered. (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 49
Mobile Recovery Providers % of Resp Agility 32.31%
Pandora Recovery 4.62%
RentSys 26.15%
SunGard 53.85%
Other 13.85%
Other Responses for Mobile Recovery Providers: Have our own recovery trailers domestically; In-House; Internal; Internal- Mobile Stores, Network Equipment Trailers, Generators,
Communications/Command/Control, Cell-on-Wheels, others; National Modular bank Buildings (NMBB); RentSys; Rignet; SunGard; vocera
Do you utilize a mobile recovery solution to assist with your Business Continuity Management
program initiatives under your direction and management? (An assessment of USA
respondents.)
If yes, which mobile recovery provider(s) do you utilize? Select all that apply. (An assessment of
USA respondents.) - Total percent may exceed 100% due to multiple selections.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 50
Mobile Recovery Providers Being Considered Next Year % of Resp
Avg Budget
Agility 74.07% $ 31,500.00
RentSys 55.56% $ 95,833.33
SunGard 44.44% $135,000.00
Other 7.41% $ 10,000.00
If not currently utilizing a mobile recovery provi der, are you considering in the next year? If
yes, to the best of your ability, please indicate the budget amount being considered and which
vendors are being considered. (An assessment of USA respondents.)
Managing Dispersed Offices
Does your existing program account for offices and/ or facilities outside your current office
location under your direction and management? (An assessment of USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 51
0%
10%
20%
30%
40%
50%
60%
70%
80%
Management of Program at Non Corporate Offices by Number of Non Corporate Offices
Engage professional consulting services local to the location(s).
Engage professional consulting services not local to the location(s).
Hire consultants/ independent contractors local to the location(s).
Hire consultants/ independent contractors not local to the location(s).
Hire full-time, permanent professionals local to the location(s).
Manage program from primary corporate office with periodic travel to location(s).
Managed locally with existing resources that are not experienced in the discipline.
Place expatriate in facility location for specified time period.
Total percent will exceed 100% due to multiple selections.
Table shows a correlation between two different questions. First Question –Within your span of
direct management and control, please specify the number of office locations/ facilities accounted
for in your existing plans. Second Question – How do you manage the program at these locations?
Select all that apply. (An assessment of USA respondents.) - Total percent may exceed 100% due to multiple selections.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 52
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Comply with regulations or laws
Contractual agreements/service-level agreements
Customer requirement
Good business sense
History of business interruption(s)
In response to audit results/recommendations
Insurance policy recommendation
Minimize future impact
Organization wants to be globally competitive and must comply with international standards.
Organization wants to be perceived to be compliant with good Corporate Governance.
Organization wants to ensure safety of their employees.
Organization wants to protect and increase its economic value.
Protect stakeholders
Protection of reputation and brand of organization.
Right thing to do
6%
18%
16%
1%
18%
6%
20%
2%
31%
7%
3%
6%
3%
1%
3%
10%
19%
18%
4%
18%
20%
27%
6%
13%
10%
7%
9%
5%
3%
5%
22%
26%
29%
21%
24%
28%
32%
15%
25%
26%
14%
21%
20%
17%
21%
32%
23%
23%
41%
27%
33%
16%
36%
21%
42%
25%
31%
36%
29%
37%
29%
14%
14%
33%
14%
13%
4%
41%
9%
16%
51%
32%
36%
50%
35%
Primary Reasons for Developing and Maintaining a Program
Low Priority 1 2 3 4 High Priority 5
Regulatory Requirement/ Standard 1 - Low priority 2 3 4
5 - High priority
Not Applicable
ASIS/BSI BCM standard 13.14% 8.00% 14.86% 11.43% 7.43% 45.14%
ASIS SPC.1-2009 - Organizational Resilience 13.10% 3.57% 11.90% 7.74% 7.14% 56.55%
Australian Business Continuity Standard AS/NZS 5050:2010 17.22% 3.31% 5.30% 1.99% 1.32% 70.86%
BS25999 Part 2 Business Continuity Management Systems 8.12% 6.09% 15.74% 18.78% 16.75% 34.52%
BS25777 15.69% 4.58% 9.15% 4.58% 1.96% 64.05%
BS 31100 (Risk Management) 16.44% 4.11% 6.85% 2.74% 1.37% 68.49%
BASEL II 16.33% 2.72% 6.80% 3.40% 2.72% 68.03%
The Business Continuity Maturity Model – Virtual Corporation 9.82% 2.45% 13.50% 9.82% 7.36% 57.06%
Circular No. G-139 -2009 (Peru) Managing business continuity 15.00% 1.43% 5.00% 0.00% 0.00% 78.57%
Reasons for Planning, Regulatory Requirements & Organizational Certification
What regulatory requirement and/ or standard do you model your Business Continuity
Management program after. Rate on a scale of 1 to 5 with 1 meaning LOW PRIORITY and 5
meaning HIGH PRIORITY. Please include Not Applicable (N/A) if the regulatory requirement
and/or standard do not apply to your organization. (An assessment of USA respondents.)
Please rate the following primary reasons for developing & maintaining a program on a scale
from 1 to 5 with 1 meaning LOW PRIORITY and 5 meaning HIGH PRIORITY. (An assessment of
USA respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 53
COBIT 12.99% 6.49% 11.69% 9.74% 5.19% 53.90%
DRI International Professional Practices 4.67% 3.74% 13.55% 24.30% 35.51% 18.22%
External Circular 048 (Colombia) - Rules for the Operational Risk
Management 18.06% 0.69% 2.78% 0.69% 0.00% 77.78%
FFIEC 11.05% 2.91% 3.49% 6.98% 22.09% 53.49%
Good Practice Guidelines 2008 (BCI) 13.46% 5.13% 9.62% 7.69% 9.62% 54.49%
Gramm Leach Bliley Act (GLBA) 12.88% 1.23% 9.20% 6.75% 15.34% 54.60%
HB 167:2006 – Security Risk Management (Australia Standard) 17.61% 0.70% 3.52% 0.00% 0.00% 78.17%
HB 203:2006 – Environmental Risk Management (Australia
Standard) 17.61% 0.70% 2.82% 0.00% 0.00% 78.87%
HB 221:2004 (Australia Standard) 17.02% 1.42% 2.84% 0.00% 0.00% 78.72%
HB 292-2006 (Australia Standard) 17.61% 1.41% 2.82% 0.00% 0.00% 78.17%
HB 436:2004 – Risk Management (Australia Standard) 17.86% 0.71% 2.86% 0.00% 0.00% 78.57%
HIPAA 12.72% 2.31% 9.83% 10.40% 26.59% 38.15%
Hong Kong Monetary Authority 17.86% 1.43% 3.57% 0.00% 1.43% 75.71%
ISO 14001 Environmental Management 16.78% 2.80% 4.90% 2.10% 3.50% 69.93%
ISO 9000 Fundamentals and Vocabulary of Quality Systems 13.38% 2.82% 8.45% 0.70% 3.52% 71.13%
ISO 9001 Quality Management 13.99% 4.20% 9.09% 7.69% 5.59% 59.44%
ISO 27001 Information Security 10.19% 2.55% 14.65% 7.64% 11.46% 53.50%
ISO 20000 IT Service Management 15.28% 1.39% 9.03% 7.64% 2.08% 64.58%
Joint Commission (Hospitals) 17.33% 0.00% 3.33% 3.33% 6.67% 69.33%
Local Banking Superintendency Requirement 19.42% 1.44% 2.88% 0.00% 0.72% 75.54%
MS 1970 (Malaysia Standard) 18.57% 0.71% 2.86% 0.71% 0.00% 77.14%
NFPA 1600 8.59% 6.06% 14.65% 19.19% 27.27% 24.24%
NFPA 1600 (Canadian Version) 15.97% 2.08% 3.47% 2.08% 0.00% 76.39%
NYSE 446/NASD 3500 17.45% 0.67% 6.04% 2.01% 6.04% 67.79%
OSHA Compliance 11.88% 3.13% 10.63% 10.00% 20.00% 44.38%
Patriot Act 15.58% 6.49% 6.49% 5.84% 12.99% 52.60%
Prudential Standard APS 232 on BCM (Australia) 17.27% 1.44% 2.88% 0.72% 0.00% 77.70%
Prudential Standard GPS 222 on BCM (Australia) 17.02% 1.42% 2.84% 0.71% 0.00% 78.01%
Prudential Standard LPS 232 on BCM (Australia) 16.90% 1.41% 2.82% 0.70% 0.00% 78.17%
Sarbanes Oxley 9.50% 5.03% 10.61% 13.41% 21.79% 39.66%
SAS70 12.05% 5.42% 10.24% 12.65% 16.27% 43.37%
SAS70-1 14.38% 3.27% 6.54% 5.88% 13.07% 56.86%
SEC Regulations 14.38% 1.31% 10.46% 5.88% 11.76% 56.21%
SS540/TR19 (Singapore Standard) 18.31% 0.70% 3.52% 1.41% 0.70% 75.35%
Title IX 14.48% 2.07% 8.28% 3.45% 6.21% 65.52%
Other 4.39% 0.88% 2.63% 1.75% 8.77% 81.58%
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 54
Has your organization achieved certification in a standard? (An assessment of USA
respondents.)
If no, is your organization considering becoming certified in a standard? (An assessment of USA
respondents.)
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 55
BC Management’s International Benchmarking Advisory Board was instrumental in reviewing the study to ensure it focused on the topics
that are of the greatest interest to continuity professionals today. The goal was to develop a credible reporting tool that would add value
to the business continuity profession. A full listing of board members and bios is available on the complimentary BCM Compensation
Report and made available to those respondents who completed the BCM Annual Study.
A special thanks to our sponsoring organizations that assisted in translating our study. Without these organizations the study may not have
been available in Chinese, Japanese and Spanish.
Distributing Organizations
BC Management also greatly appreciates the efforts of those organizations that assisted in this global effort. The contribution of each
individual organization does not indicate an endorsement of the study findings or the activities of BC Management, Inc. A full listing of
distributing organizations is available on the complimentary BCM Compensation Report and made available to those respondents who
completed the BCM Annual Study.
If yes, please select which standard(s) your organization has achieved certification. Please
select all that apply. (An assessment of USA respondents.) - Total percent may exceed 100% due to multiple selections.
Thank you to BC Management’s International Benchmarking Advisory Board
Thank you to our sponsors and organizations that assisted with this global effort
Global Data Solutions LTD
Sponsored the Chinese translation
Risk Managers and Consultants Association
Sponsored the Japanese translation
MiaTomi
Sponsored the Spanish translation
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 56
BC Management, Inc., founded in 2000, is an executive staffing and research firm solely dedicated to the business continuity, disaster
recovery, risk management, emergency management, crisis management and information security professions. With decades of industry
expertise, our staff has a unique understanding of the challenges professionals face with hiring, benchmarking and analyzing best practices
within these niche fields.
BC Management’s Complimentary Research - BC Management has been collecting data on the factors that impact compensations and
business continuity programs since 2001. To download our current complimentary reports please visit
www.bcmanagement.com.
We Value Your Comments - Thank you for participating in our annual study. Your contribution adds value to our comprehensive reporting
and allows us the opportunity to assess industry trends. Please share any comments or suggestions on how we can improve at
As a result of our advancement in reporting technology with World APP Key Survey, BC Management is able to offer a true benchmarking
service exclusively for the business continuity management profession. Our benchmarking service includes a report (similar to this report)
customized to your specific filters used to drill down to the data points that compare to your compensations or program planning
initiatives. As a part of our benchmarking service, BC Management is also offering a business intelligence dashboard technology in which
you will receive all the data points (based on your filter specifications) for further independent assessment. This technology will allow your
organization to further assess the data within a flexible, intelligent, user friendly format. Obtain information on our comprehensive
Business Continuity research reporting.
COMPENSATION RESEARCH DATA: Benefits of Our Customized Compensation Benchmarking Service
Saves time and money in assessing compensations for current and future personnel. Provides a fair comparison on compensation bands based on expertise, degree, certification and geography. Assists in retaining current personnel based on compensations in the same geography and job title.
Filters Available to Customize Your Compensation Report
Employment Status – may choose from full-time permanent, part-time permanent, independent contractor and unemployed.
Geography – may choose country, state/providence, or city.
Job Title/ Position – may choose from a selection of job titles.
Discipline – may choose multiple disciplines that are managed with the program (17 to choose from).
Years of Experience – may choose from an experience band of your choice.
PROGRAM MANAGEMENT RESEARCH DATA: Benefits of Our Customized Program Management Benchmarking Service
Allows you to assess the maturity of your business continuity program focusing on industry best practices, dedicated staff, budget breakouts, reporting structure, vendor utilization, program activation and much more.
Provides assistance in presenting business case objectives to your executives to substantiate and expand your program. Prioritizes key initiatives in elevating the maturity of your programs. Assists in building a road map to advance your program and meet your goals. Makes you more efficient by eliminating the need to do research on your own. Provides an unbiased source on how your company compares to the industry; specifically other “like” organizations, which can be
Customize Your Compensation and/or Program Management Benchmarking Report
About BC Management, Inc.
©2012 BC Management, Inc. All rights reserved Standard BCM Research Data Report - CONFIDENTIAL CONFIDENTIAL REPORT
Page 57
used to support your recommendations.
Filters Available to Customize Your Program Management Report
Industry – may choose more than one industry. Company Revenue – may choose a revenue band of your choice. Number of Employees – may choose a selection from number of company employees. Number of Locations – may choose a selection from number of company locations in either operational and/or retail interfacing. Geographic Distribution – may choose multiple countries as well as how the company locations are dispersed (global, multi-
country, one country, regionally within one country, statewide or citywide). Disciplines within program – may choose multiple disciplines that are managed with the program (17 to choose from). Scope of program – may choose a combination of the following: global, multi-country, one country or regionally within one
country. Maturity Rating of Program – may choose on a scale of 1 to 5 with 1 being Very Immature and 5 being Very Mature (please note
this is a self rating by the study participant). Names of Organization – may choose a list of company names that have participated in our study and completed the program
management portion of the study. Please keep in mind that not all respondents indicated their company name. Many respondents kept their organizational name private. Also, not all study respondents qualified for the program management portion of the study. Only those respondents who managed a program were encouraged to participate in the second section of the study. ALL RESPONDENT CONTACT INFORMATION IS KEPT CONFIDENTIAL AND IS NEVER REVEALED!
Inquiries
For more information or to order a report please email us at [email protected] or call us at (714) 969-8006 or toll free within the
United States (888) 250-7001
Thank you
Thank you for purchasing BC Management’s Comprehensive Business Continuity Management Compensation Report. This report is not
meant for general distribution. Any distribution of this report or reference to any information enclosed within this report is prohibited
unless approved by BC Management, Inc. Direct inquiries to – [email protected]