r Financial Services - Amazon Web...

The 2016 Continuity Insights and KPMG LLP Global Business Continuity Management (BCM) Program Benchmarking Study

The 2016Continuity Insights and KPMG LLP Global Business Continuity Management (BCM) Program Benchmarking Study

rnakao

Text Box

Segment Report Financial Services

i

Statistics used in this report are based on anonymous survey responses from 349 executives in public and private compa-nies, government agencies and authorities, educational institutions and not-for-profit entities.

The online survey, conducted by Continuity Insights during November 2015 through February 2016, explores changes to the global risk landscape, regulatory requirements and supply chain interdependencies, and compares the programs of organi-zations with a steering committee in place against those without a steering committee in place, highlighting some dramatic differences.

This Report is based on and generated from the KPMG LLP sponsored Survey entitled: The 2016 Continuity Insights and KPMG LLP Global Business Continuity Management (BCM) Program Benchmarking Study.

Research MethodologyRespondents for the 2016 Continuity Insights and KPMG LLP Global Business Continuity Management (BCM) Program Benchmarking Study were obtained from the Continuity Insights subscriber base by way of its newsletter, website, email deployments and social media channels, as well as from other professional organizations that supported the study. The 25-minute online survey included 47 questions and was fielded from November 2015 through February 2016. Information was collected from 349 respondents, of which 305 respondents completed the entire survey.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although Continuity Insights endeavor to provide accurate and timely information, there can be no guar-antee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situa-tion. For more information on the study methodology, please contact Robert Nakao at [email protected].

About Continuity InsightsContinuity Insights is business continuity from management’s perspective. It speaks directly to the strategic view, embrac-ing the issues and concerns of senior-level managers. With its results-oriented approach, Continuity Insights is a discussion of the “why’s” of business continuity and offers a comprehensive review of the vast continuity landscape. Its audience represents a wide range of businesses and industries, government and other public sector entities, and serves an array of professional disciplines. It’s highly specialized portfolio includes Continuity Insights online/electronic media including its highly-trafficked website, e-Newsletters, webinars, and research project; and its annual Continuity Insights Management Conference and regional events.

About KPMGKPMG LLP, the audit, tax and advisory firm (HYPERLINK “http://www.kpmg.com/us” www.kpmg.com/us), is the U.S. member firm of KPMG International Cooperative (“KPMG International”). KPMG International’s member firms have 145,000 profes-sionals, including more than 8,000 partners, in 152 countries. The KPMG name, logo and “cutting through complexity” are registered trademarks of KPMG International.

KPMG Information Protection and Business Resilience services help clients effectively manage and control corporate infor-mation assets across a broad spectrum of evolving threats and scenarios. Companies today increasingly realize that secu-rity is not a one-time project, but instead a strategy that must be adaptive to changing threats, remain consistent with the organization’s business initiatives, and deliver benefits such as manageability, assurance, and efficiency. We help companies identify their most important information assets, and work with them to develop an effective approach combining technolo-gy and business processes. We work with clients to maximize the value that can be obtained from their data while protecting key business processes, information assets, and the company’s brand and reputation.

To learn more about KPMG’s Information Protection and Business Resilience, please contact:

About This Report

Greg Bell National Practice Leader,Information Protection and Business ResilienceKPMG LLPT: 404 222 7197E: [email protected]

Anthony Buffomante Principal, Advisory Information Protection and Business ResilienceKPMG LLPT: 312 665 1748E: [email protected]

Robbie Atabaigi Manager, Advisory Information Protection and Business ResilienceKPMG LLPT: 404 222 3257E: [email protected]

ii

AcknowledgmentsContinuity Insights and KPMG LLP would like to acknowledge the following organizations for their contributions in helping raise the awareness — and hence the value — of the 2016 Continuity Insights and KPMG LLP Global Business Continuity Man-agement (BCM) Program Benchmarking Study.

In addition, we would like to acknowledge the subject-matter professionals that took the time to review the survey results and provide their point of view for use in this report, the companion article, and the panel discussion at the 2016 Continuity Insights Management Conference.

Requests for Benchmarking Reports and Key Contact

A number of custom reports are available and can be accessed on the Continuity Insights website. Those custom reports are:

• Annual revenue.

• Entity type (public companies, private companies, government agencies or authorities, and not-for-profits).

• Governance (Entities with an Advisory Steering Committee, Entities with no Advisory Steering Committee).

• Industries (Computers/IT hardware, software and services; Financial services; Government; Healthcare; Manufacturing; Professional services and Utilities).

• Number of employees.

If you would like to request a custom report that has not already been developed and available on the website, please provide the following information to Robert Nakao at [email protected].

• Your name, organization, and e-mail address

• The type of custom report(s) you would like to receive

You will be provided the custom report(s) generally within five (5) business days of the receipt of your request.

• Association Of Contingency Planners (ACP)

• Association Of Sacramento Area Planners (ASAP)

• BC Management

• BCI-USA

• Business Continuity Institute (BCI)(UK)

• Business & Industry Council For Emergency Planning & Preparedness (BICEPP)

• Business Resumption Planners Association (BRPA)

• Canadian Security Partners’ Forum

• Contingency Planners Of Ohio (CPO)

• Contingency Planning Exchange (CPE)

• Continuity Central

• Disaster Recovery Journal (DRJ)

• Disaster Resource Guide

• Forbes Calamity Prevention (Singapore/Asia)

• Global Conference On Disaster Management

• Mid Atlantic Disaster Recovery Association (MADRA)

• New England Disaster Recovery Information Exchange (NEDRIX)

• Risk & Insurance Management Society (RIMS)

• Rothstein Business Survival

• Southeastern Business Recovery Exchange (SEBRE)

• Southeastern Contingency Planners Association (SCPA)

Segment Report: Financial Services

Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Yes 24 1 0 8 0 33 43.42%

No 25 3 2 7 6 43 56.58%

Total 49 4 2 15 6 76 100.00%

Aerospace/Defense 0 0 0 0 0 0 0.00%

Automotive 0 0 0 0 0 0 0.00%

Biotechnology 0 0 0 0 0 0 0.00%

Chemical/Petroleum 0 0 0 0 0 0 0.00%

Communications/Media 0 0 0 0 0 0 0.00%

Computer/Information Technology

Telecommunications 0 0 0 0 0 0 0.00%

Computer/Information Technology Software 0 0 0 0 0 0 0.00%

Computer/Information Technology Services 0 0 0 0 0 0 0.00%

Education 0 0 0 0 0 0 0.00%

Entertainment/Media 0 0 0 0 0 0 0.00%

Financial Services – Banking 49 0 0 0 0 49 64.47%

Financial Services – Brokerage 0 4 0 0 0 4 5.26%

Financial Services – Credit Card 0 0 2 0 0 2 2.63%

Financial Services – Investment 0 0 0 15 0 15 19.74%

Financial Services - Mortgages 0 0 0 0 6 6 7.89%

Government 0 0 0 0 0 0 0.00%

Healthcare Medical – Hospital 0 0 0 0 0 0 0.00%

Healthcare Medical – Service Provider 0 0 0 0 0 0 0.00%

Insurance 0 0 0 0 0 0 0.00%

Manufacturing - Consumer Goods 0 0 0 0 0 0 0.00%

Manufacturing - Industrial Goods (Non-technology)0 0 0 0 0 0 0.00%

Manufacturing - Medical Devices/Other Healthcare

Products 0 0 0 0 0 0 0.00%

Not for Profit Organization 0 0 0 0 0 0 0.00%

Pharmaceuticals 0 0 0 0 0 0 0.00%

Power (Oil and Gas) 0 0 0 0 0 0 0.00%

Power (Generation/Transmission) 0 0 0 0 0 0 0.00%

Professional Services (Business Continuity/Operational

Risk Consulting) 0 0 0 0 0 0 0.00%

Professional Services (Other) 0 0 0 0 0 0 0.00%

Retail 0 0 0 0 0 0 0.00%

Transportation – Aviation 0 0 0 0 0 0 0.00%

Transportation – Mass Transit 0 0 0 0 0 0 0.00%

Transportation – Shipping 0 0 0 0 0 0 0.00%

Transportation - Trucking 0 0 0 0 0 0 0.00%

Utilities 0 0 0 0 0 0 0.00%

Wholesale Distributors 0 0 0 0 0 0 0.00%

Other (Please indicate industry) 0 0 0 0 0 0 0.00%

Total 49 4 2 15 6 76 100.00%

1. Does your enterprise use survey results to generate or enhance executive support for your Business Continuity Management (BCM)

Program?

2. Which best describes your primary type of industry? (Select only one response)

Page 1


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Less than 25 2 0 0 0 0 2 2.63%

25 to < 100 1 0 0 0 0 1 1.32%

100 to < 500 3 0 1 2 1 7 9.21%

500 to < 1,000 4 0 0 4 0 8 10.53%

1,000 to < 5,000 16 2 1 4 3 26 34.21%

5,000 to < 10,999 5 2 0 1 2 10 13.16%

10,000 to < 20,000 1 0 0 4 0 5 6.58%

20,000 or more 17 0 0 0 0 17 22.37%

Total 49 4 2 15 6 76 100.00%

Public company 28 3 0 8 3 42 55.26%

Privately-held company 15 1 1 6 1 24 31.58%

Government agency or Authority 2 0 0 1 2 5 6.58%

Education 0 0 0 0 0 0 0.00%

Not-for-profit organization 4 0 1 0 0 5 6.58%

Total 49 4 2 15 6 76 100.00%

Local - Single site operation in one location 3 0 0 1 0 4 5.26%

Regional - Multi-site operations in one region of one

country 17 0 1 1 2 21 27.63%

National - Multi-site operations throughout one

country 11 0 1 2 4 18 23.68%

Global - Multi-site operations worldwide 18 4 0 11 0 33 43.42%

Total 49 4 2 15 6 76 100.00%

Yes - Same Building 6 0 0 1 3 10 25.00%

Yes - Same Campus 0 0 0 1 0 1 2.50%

No 22 0 2 2 3 29 72.50%

Total 28 0 2 4 6 40 100.00%

Brazil 1 0 0 0 0 1 1.69%

Canada 2 0 0 1 0 3 5.08%

United States 19 3 0 9 4 35 59.32%

Americas - Other (Specify) 1 0 0 1 0 2 3.39%

Australia 3 0 0 1 0 4 6.78%

Singapore 0 0 0 0 0 0 0.00%

South Korea (Republic of Korea) 0 0 0 0 0 0 0.00%

Taiwan 0 0 0 0 0 0 0.00%

Turkey 0 0 0 0 0 0 0.00%

Asia Pacific - Other (Specify) 3 0 0 0 0 3 5.08%

France 1 0 0 0 0 1 1.69%

Germany 0 0 0 1 0 1 1.69%

The Netherlands 2 0 0 0 0 2 3.39%

Spain 0 0 0 0 0 0 0.00%

Switzerland 0 0 0 0 0 0 0.00%

United Arab Emirates 0 0 0 0 0 0 0.00%

United Kingdom 3 0 0 0 0 3 5.08%

Europe, Middle East, and Africa - Other (Specify)3 0 0 1 0 4 6.78%

Total 38 3 0 14 4 59 100.00%

4. Which best describes your organization, entity, or enterprise? (Select only one response)

5. How would you describe the geographical range of your operations? (Select only one response)

6. Are your headquarters operations AND your primary data center located in the same building or the same campus?

7. If your organization has operations in multiple countries, in what country is your organization’s headquarters located?

3. How many people are employed by your organization (at all locations)? (Select only one response)

Page 2


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Less than $10 million 4 0 1 1 0 6 8.57%

$10 million to < $50 million 1 0 0 0 0 1 1.43%



$500 million to < $1 billion 2 0 0 4 1 7 10.00%

$1 billion to < $5 billion 7 2 0 2 0 11 15.71%

$5 billion to < $10 billion 5 0 0 1 1 7 10.00%

$10 billion or more 11 1 0 1 0 13 18.57%

Not Applicable 2 0 0 2 0 4 5.71%

Unknown 5 0 1 2 3 11 15.71%

Total 45 3 2 14 6 70 100.00%

Business Continuity Management or Business

Resilience Management in Business Unit/Site/Support

Group 5 0 0 2 2 9 12.86%

Business Continuity Management or Business

Resilience Management in Corporate Program Office29 2 1 8 2 42 60.00%

Compliance/Internal Audit 2 0 0 0 0 2 2.86%

Consultant/Analyst 0 0 0 1 1 2 2.86%

Crisis Management/Emergency Management 1 0 0 2 0 3 4.29%

Enterprise Risk Management 1 1 1 0 1 4 5.71%

Employee Health and Safety 0 0 0 0 0 0 0.00%

Facilities Management/Real Estate 0 0 0 0 0 0 0.00%

Finance/Accounting 1 0 0 0 0 1 1.43%

Insurance/Liability Management 0 0 0 0 0 0 0.00%

IT Disaster Recovery (IT DR) Planning 3 0 0 0 0 3 4.29%

Legal 0 0 0 0 0 0 0.00%

Security Management 3 0 0 0 0 3 4.29%

Other (Please Define) 0 0 0 0 0 0 0.00%

Corporate Executive 0 0 0 1 0 1 1.43%

Total 45 3 2 14 6 70 100.00%

Less than 1 year 2 0 0 0 3 5 8.20%

1 year to < 3 years 0 0 0 0 1 1 1.64%

3 years to < 5 years 4 2 0 0 0 6 9.84%

5 years to < 10 years 12 0 2 2 0 16 26.23%

10 years to < 20 years 16 1 0 7 0 24 39.34%

20 years or more 6 0 0 1 0 7 11.48%

Unknown 1 0 0 1 0 2 3.28%

Total 41 3 2 11 4 61 100.00%

10. How long has the BCM Program been in place in your organization? (Select only one response)

8. What is your company’s approximate annual revenue in ($US) for the last fiscal year (FY15)? (Government agencies, please select Not Applicable)?

9. Which best describes your primary job function? (Select only one response)

Page 3


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Address Audit finding(s) 19 2 0 3 1 25 40.98%

Continuity of business operations 32 3 2 9 3 49 80.33%

Customer request or requirement 12 0 0 3 0 15 24.59%

Government regulations/Compliance 34 3 1 10 2 50 81.97%

Lessons learned from other companies who

experienced actual events 18 1 0 2 0 21 34.43%

Lower insurance premiums 4 0 0 0 0 4 6.56%

Reputation 24 1 0 7 1 33 54.10%

Required by law 12 1 0 2 1 16 26.23%

Unique competitive advantage 3 0 0 2 1 6 9.84%

Other (Define) 1 0 0 1 0 2 3.28%

Total 41 3 2 11 4 61 100.00%

Audit findings 32 2 0 8 0 42 68.85%

Benchmarking/comparison to industry norms12 1 0 7 0 20 32.79%

Maturity modeling 8 1 0 4 0 13 21.31%

Metrics program (including executive reporting)19 3 0 8 0 30 49.18%

Business Continuity performance reviews 17 2 0 6 1 26 42.62%

Business Continuity Plan exercises 33 3 1 10 1 48 78.69%

Service level monitoring 5 0 0 1 0 6 9.84%

Review program capabilities vs. standards 15 1 0 6 0 22 36.07%

Technology recovery test results 31 1 0 11 1 44 72.13%

Cost / Benefit Analysis 5 0 0 1 0 6 9.84%

Other - Please define: 1 0 0 1 1 3 4.92%

N/A - We do not measure BCM Program performance0 0 1 0 2 3 4.92%

Total 41 3 2 11 4 61 100.00%

11. What are the primary reasons that your organization has established a BCM Program? (Select all that apply)?

12. How does your organization measure the performance of your BCM Program? (Select all that apply)

Page 4


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

22301 None

CFPB Not Applicable

DRII Professional Practices Not applicable

FFEIC / FINRA / SIFMA / 22301 Not Applicable

FFFIEC, NCUA Not Applicable - just regulatory requirement

FFIEC Not Applicable yet

FFIEC occ

FFIEC Public Law 110-53, NFPA 1600, BSI25999 and ASIS International 12009

FFIEC SIFMA, FINRA 4370

FFIEC Unknown

FFIEC

FFIEC

Ffiec

FFIEC

FFIEC

FFIEC

FFIEC

FFIEC

FFIEC

FFIEC

FFIEC / DRII Professional Practices / NFPA 1600

FFIEC / ISO / NIST / DRII

FFIEC and all local country regulations

FFIEC, NCUA

FFIEC, NFPA, ISO

FFIEC, NIST

FINRA

ISO 22301

ISO 22301

ISO 22301

ISO 22301

ISO 22301

ISO 22301

ISO 22301

ISO 22301 / ISO 22313

ISO 22301, AS3745:2010

ISO 22301, NFPA 1600, FFIEC, NIST 800-34, ASIS SPC.1-2009, ASIS/BSI BCM.01

ISO 22301, NFPA 1600, FFIEC, Z1600

ISO 22301. BS 11200:2014

Iso 22301/fema/fsa

ISO/SAFR

ISO22301, FFIEC

ISO23301

n/a. we do benchmark several

na

NCUA, FFIEC

NFPA 1600

NIST, ISO 22301

No standards. But the framework includes areas covered by some of these standards

None

None

13. In addition to any regulatory requirements that your organization may be required to meet, please list the business continuity standard(s) that

your organization is using to support your BCM Program? Please list standards (Example: ISO 22301, NFPA 1600, FFIEC, Not Applicable, etc.)

Page 5


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Awareness Program 3 0 0 0 0 3 4.92%

Business Continuity Plans 5 0 0 1 0 6 9.84%

Communications 18 1 0 6 1 26 42.62%

Crisis/Emergency Management Plans 13 1 0 2 0 16 26.23%

IT Disaster Recovery Plans 0 0 0 0 0 0 0.00%

Plans are in development 4 0 0 0 0 4 6.56%

None 14 1 2 5 3 25 40.98%

Not sure 0 0 0 0 0 0 0.00%

Total 41 3 2 11 4 61 100.00%

Full Time 35 3 2 11 1 52 85.25%

Part Time 4 0 0 0 1 5 8.20%

No 2 0 0 0 2 4 6.56%

Total 41 3 2 11 4 61 100.00%

Yes 33 3 1 10 1 48 78.69%

No 8 0 1 1 3 13 21.31%

Total 41 3 2 11 4 61 100.00%

CEO/President 0 0 0 0 0 0 0.00%

Chief Financial Officer 1 0 1 0 0 2 3.28%

Chief Information Officer 1 0 0 1 0 2 3.28%

Chief Operating Officer 2 0 0 1 0 3 4.92%

Chief Risk Officer 0 0 0 0 0 0 0.00%

Chief Security Officer, VP/Director 3 0 0 0 0 3 4.92%

Director, Business Continuity Management or Business

Resilience 9 2 0 4 0 15 24.59%

Director, Information Technology 1 0 0 0 0 1 1.64%

Director or Manager, Risk Management 1 1 0 0 1 3 4.92%

Manager, Business Continuity Management or Business

Resilience 7 0 1 1 1 10 16.39%

Manager, Information Technology 1 0 0 0 0 1 1.64%

Vice President, Business Continuity Management or

Business Resilience 6 0 0 4 0 10 16.39%

Vice President, Information Technology 0 0 0 0 0 0 0.00%

Vice President, Risk Management 2 0 0 0 0 2 3.28%

Specific Department Director / Manager. Please

identify the business function (name of department):1 0 0 0 0 1 1.64%

Other (please enter job title) 6 0 0 0 2 8 13.11%

Total 41 3 2 11 4 61 100.00%

17. Which best describes the job title of the lead BCM Program Coordinator? (Select only one response)

14. Is your organization utilizing social media in any of the following plans? (Check all that apply)

15. Does your organization have a designated full time or part time lead BCM Program Coordinator authorized to administer and keep the BCM

Program current? (Select only one response)

16. Does your organization have a Senior Management Advisory or Steering Committee that provides input and assistance to the lead BCM Program

Coordinator and BCM Program Coordination Team in the preparation, implementation, evaluation and revision of your organization’s BCM Program?

(Select only one response)

Page 6


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

CEO 2 0 0 0 0 2 3.28%

Chief Administrative Officer 3 0 0 0 0 3 4.92%

Chief Compliance Officer 1 0 0 0 1 2 3.28%

Chief Financial Officer 4 0 0 1 0 5 8.20%

Chief Information Officer 3 0 0 2 1 6 9.84%

Chief Information Security Officer 2 0 0 0 0 2 3.28%

Chief Operating Officer 6 1 0 2 0 9 14.75%

Chief Risk Officer 12 1 2 4 0 19 31.15%

Chief Security Officer, VP/Director 3 1 0 0 0 4 6.56%

Chief Technology Officer 1 0 0 1 0 2 3.28%

General Counsel 0 0 0 0 0 0 0.00%

President 1 0 0 0 0 1 1.64%

Other C-Level Executive (Please identify the

corporate/executive management title) 3 0 0 1 2 6 9.84%

Total 41 3 2 11 4 61 100.00%

Business Continuity Management specific certifications

from the Business Continuity Institute (CBCI/DBCI,

AMBCI, MBCI, AFBCI, FBCI)16 2 0 5 0 23 37.70%

Business Continuity Management certified

professionals from the Disaster Recovery Institute

International (ABCP, CFCP, CBCP or MBCP)25 2 1 8 2 38 62.30%

Business Continuity Management certified specialties

from the Disaster Recovery Institute International

(Certified Auditor, Public Sector, Health)1 0 0 0 0 1 1.64%

IT specific certifications (i.e., ITIL, CISSP, CISA, etc.)9 2 0 3 0 14 22.95%

Non-Business Continuity specific certifications (i.e.,

PMP, CIPP, etc.) 4 1 0 1 0 6 9.84%

Other: (Define) 8 0 1 2 2 13 21.31%

Total 41 3 2 11 4 61 100.00%

Less than 1 year 1 0 0 0 0 1 1.64%

1 year to < 3 years 4 1 0 0 2 7 11.48%

3 years to < 5 years 3 0 1 0 0 4 6.56%

5 years to < 10 years 12 1 1 3 0 17 27.87%

10 years to < 20 years 12 1 0 7 1 21 34.43%

20 years or more 7 0 0 1 0 8 13.11%

Do not know 2 0 0 0 1 3 4.92%

Total 41 3 2 11 4 61 100.00%

18. Which best describes the C-Level executive with ultimate reporting responsibility for your BCM Program? (Select only one response)

19. Please identify any certifications that your organization seeks from employees that lead your program or have a significant role in your program:

(Select all that apply)

20. Please identify the number of years of BCM program leadership experience of your BCM Program leader has (Leading a Program): (Select only

one response)

Page 7


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

0 FTEs 3 0 0 0 0 3 5.56%

1 to 2 FTEs 14 1 2 6 2 25 46.30%

3 to 5 FTEs 9 0 0 2 1 12 22.22%

6 to 9 FTEs 2 1 0 0 0 3 5.56%

10 to 20 FTEs 5 1 0 2 0 8 14.81%

More than 20 FTEs 3 0 0 0 0 3 5.56%

I don’t know 0 0 0 0 0 0 0.00%

Total 36 3 2 10 3 54 100.00%

0 FTEs 12 0 1 5 2 20 37.04%

1 to 2 FTEs 6 0 1 3 1 11 20.37%

3 to 5 FTEs 2 1 0 0 0 3 5.56%

6 to 9 FTEs 2 2 0 0 0 4 7.41%

10 to 20 FTEs 3 0 0 1 0 4 7.41%

More than 20 FTEs 10 0 0 1 0 11 20.37%

I don’t know 1 0 0 0 0 1 1.85%

Total 36 3 2 10 3 54 100.00%

0 FTEs 11 0 1 5 3 20 37.04%

1 to 2 FTEs 11 3 1 5 0 20 37.04%

3 to 5 FTEs 4 0 0 0 0 4 7.41%

6 to 9 FTEs 4 0 0 0 0 4 7.41%

10 to 20 FTEs 2 0 0 0 0 2 3.70%

More than 20 FTEs 2 0 0 0 0 2 3.70%

I don’t know 2 0 0 0 0 2 3.70%

Total 36 3 2 10 3 54 100.00%

0 FTEs 6 0 0 3 1 10 18.52%

1 to 2 FTEs 15 2 2 4 1 24 44.44%

3 to 5 FTEs 5 0 0 2 1 8 14.81%

6 to 9 FTEs 3 0 0 0 0 3 5.56%

10 to 20 FTEs 2 0 0 0 0 2 3.70%

More than 20 FTEs 4 1 0 1 0 6 11.11%

I don’t know 1 0 0 0 0 1 1.85%

Total 36 3 2 10 3 54 100.00%

21. For the following question, please estimate the number of Full Time Equivalent (FTE) headcount who are dedicated to your BCM program in your

Corporate Program Office AND in your various Business Units/Functions (including contractors). (cont'd)

Various Business Units/Functions



Corporate BCM Program Office


Corporate Program Office AND in your various Business Units/Functions (including contractors).

Information Technology/Disaster Recovery



Crisis Management

Page 8


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Less than $50,000 5 0 0 0 1 6 11.11%

$50,000 to < $100,000 3 0 1 1 1 6 11.11%

$100,000 to < 250,000 9 0 1 4 1 15 27.78%

$250,000 to < $500,000 4 2 0 1 0 7 12.96%

$500,000 to < $1 million 2 0 0 2 0 4 7.41%


$5 million or more 2 0 0 0 0 2 3.70%

I don’t know 9 0 0 1 0 10 18.52%

Total 36 3 2 10 3 54 100.00%

Less than $50,000 11 0 1 1 2 15 27.78%

$50,000 to < $100,000 1 0 1 0 1 3 5.56%

$100,000 to < 250,000 2 1 0 2 0 5 9.26%

$250,000 to < $500,000 2 1 0 1 0 4 7.41%

$500,000 to < $1 million 2 1 0 0 0 3 5.56%


$5 million or more 3 0 0 0 0 3 5.56%

I don’t know 13 0 0 5 0 18 33.33%

Total 36 3 2 10 3 54 100.00%

Less than $50,000 11 0 1 2 3 17 31.48%

$50,000 to < $100,000 3 2 1 0 0 6 11.11%

$100,000 to < 250,000 2 1 0 3 0 6 11.11%

$250,000 to < $500,000 4 0 0 0 0 4 7.41%

$500,000 to < $1 million 1 0 0 0 0 1 1.85%


$5 million or more 1 0 0 0 0 1 1.85%

I don’t know 12 0 0 5 0 17 31.48%

Total 36 3 2 10 3 54 100.00%

22. Please estimate the total budget for the staff that is in place across the organization (i.e. in your Corporate Program Office AND in the

organization’s business units and corporate functions (excluding contractors). Use the Total Equivalent Headcount estimates from your response to

the table in the previous question and use estimated loaded salaries, benefits, travel and living expenses (combined).

BCM Program Third-Party Consultants (Include program assessments, improving capabilities, etc.)



the table in the previous question and use estimated loaded salaries, benefits, travel and living expenses. (cont'd)

Information Technology / Disaster Recovery (employees)




Crisis Management (employees)

Page 9


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Less than $50,000 6 0 0 1 2 9 16.67%

$50,000 to < $100,000 4 0 1 0 0 5 9.26%

$100,000 to < 250,000 5 3 0 3 1 12 22.22%

$250,000 to < $500,000 3 0 1 1 0 5 9.26%

$500,000 to < $1 million 2 0 0 0 0 2 3.70%


$5 million or more 3 0 0 1 0 4 7.41%

I don’t know 10 0 0 4 0 14 25.93%

Total 36 3 2 10 3 54 100.00%

Less than $50,000 15 1 1 3 2 22 40.74%

$50,000 to < $100,000 2 1 1 2 1 7 12.96%

$100,000 to < 250,000 2 1 0 1 0 4 7.41%

$250,000 to < $500,000 1 0 0 0 0 1 1.85%

$500,000 to < $1 million 1 0 0 0 0 1 1.85%


$5 million or more 2 0 0 0 0 2 3.70%

I don’t know 12 0 0 4 0 16 29.63%

Total 36 3 2 10 3 54 100.00%

Less than $50,000 11 0 1 4 3 19 35.19%

$50,000 to < $100,000 10 1 0 2 0 13 24.07%

$100,000 to < $250,000 5 1 1 2 0 9 16.67%

$250,000 to < $500,000 1 1 0 1 0 3 5.56%

$500,000 to < $1 million 2 0 0 0 0 2 3.70%


$5 million or more 0 0 0 0 0 0 0.00%

I don’t know 5 0 0 1 0 6 11.11%

Total 36 3 2 10 3 54 100.00%

Less than $50,000 8 1 2 2 3 16 29.63%

$50,000 to < $100,000 5 1 0 3 0 9 16.67%

$100,000 to < $250,000 6 0 0 1 0 7 12.96%

$250,000 to < $500,000 3 0 0 1 0 4 7.41%

$500,000 to < $1 million 2 0 0 0 0 2 3.70%


$5 million or more 3 0 0 0 0 3 5.56%

I don’t know 7 0 0 2 0 9 16.67%

Total 36 3 2 10 3 54 100.00%




Corporate BCM Program Office (employees)

23. Please estimate individually your organization’s additional budget for the following components o... - BCM Software and Hardware (Include plan-

related document repository and emergency notification solutions)

BCM Software and Hardware (Include plan-related document repository and emergency notification solutions)


related document repository and emergency notification solutions) (cont'd)

Work Area Recovery (Include recovery site costs, third-party service providers, etc.)

Page 10


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Less than $50,000 5 0 1 0 1 7 12.96%

$50,000 to < $100,000 2 0 1 1 0 4 7.41%

$100,000 to < $250,000 6 0 0 0 0 6 11.11%

$250,000 to < $500,000 1 1 0 2 1 5 9.26%

$500,000 to < $1 million 3 2 0 1 1 7 12.96%


$5 million or more 3 0 0 2 0 5 9.26%

I don’t know 12 0 0 4 0 16 29.63%

Total 36 3 2 10 3 54 100.00%

Less than $50,000 18 1 2 4 3 28 51.85%

$50,000 to < $100,000 5 1 0 3 0 9 16.67%

$100,000 to < $250,000 2 1 0 1 0 4 7.41%

$250,000 to < $500,000 3 0 0 0 0 3 5.56%

$500,000 to < $1 million 0 0 0 0 0 0 0.00%


$5 million or more 0 0 0 0 0 0 0.00%

I don’t know 7 0 0 2 0 9 16.67%

Total 36 3 2 10 3 54 100.00%

Less than $50,000 18 1 2 4 3 28 51.85%

$50,000 to < $100,000 3 0 0 1 0 4 7.41%

$100,000 to < $250,000 2 1 0 2 0 5 9.26%

$250,000 to < $500,000 3 0 0 0 0 3 5.56%

$500,000 to < $1 million 0 1 0 0 0 1 1.85%


$5 million or more 0 0 0 0 0 0 0.00%

I don’t know 7 0 0 2 0 9 16.67%

Total 36 3 2 10 3 54 100.00%



Training and Awareness Programs (Include internal training and related costs, external training, registration fees, travel and living expenses for

conference attendance, etc.)



BCM Program Exercises (Include planning, conducting exercises, third-party participation, travel and living expenses, etc.)



IT Disaster Recovery Costs (Include hardware, software, internal recovery capabilities, 3rd party service provider fees, etc.)

Page 11


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

On a case-by-case basis based on individual needs11 0 0 1 2 14 25.93%

As an individual line item in each functional budget10 1 0 4 0 15 27.78%

On a hybrid chargeback basis with a base fee plus

additional usage charges 1 0 0 0 0 1 1.85%

As a percentage of the IT budget 3 0 0 1 0 4 7.41%

As a percentage of the risk management budget5 2 2 4 0 13 24.07%

As a percentage of the individual functional budget2 0 0 0 0 2 3.70%

Other, please briefly describe how funds are allocated

(BCM Funding) 4 0 0 0 1 5 9.26%

Total 36 3 2 10 3 54 100.00%

Business Continuity Management software 27 2 2 4 0 35 64.81%

Business Impact Analysis software 11 1 0 2 0 14 25.93%

Change Management software 5 1 0 3 0 9 16.67%

Emergency Notification software 25 2 1 8 1 37 68.52%

Enterprise GRC (Governance Risk and Compliance)

software 8 1 0 4 0 13 24.07%

Risk Assessment software 6 0 0 1 0 7 12.96%

Microsoft Office Tools (i.e., Word, Excel, etc.) 18 2 0 5 2 27 50.00%

Other (Please specify) 3 0 0 0 0 3 5.56%

Total 36 3 2 10 3 54 100.00%

There is no business continuity management program

in place 1 0 0 0 0 1 1.85%

We are currently in the process of establishing a BCM

Program, defining program governance, scope,

objectives, budgeting and format for plans0 0 0 0 1 1 1.85%

We are currently in the Assessment phase (i.e. Risk

Assessment, Business Impact Analysis, Strategy

Selection, etc.) for the first time in the program’s

lifecycle 0 0 0 0 0 0 0.00%

We are currently developing Business Continuity Plans,

Crisis Management Plans and Disaster Recovery Plans1 1 2 0 1 5 9.26%

We have a BCM Policy, Senior Management Steering or

Advisory Committee, Business Continuity, Crisis

Management and Disaster Recovery Plans in place and

have developed a process for updating those plans on a

regular basis to reflect changes in the business and

lessons learned from exercises, tests or real events34 2 0 10 1 47 87.04%

Total 36 3 2 10 3 54 100.00%

24. Which statement best describes how funds are allocated for BCM Program related initiatives? (Select only one response)

25. Indicate the BCM Program-related software type packages your organization has implemented or plans on implementing in the next year.

(Select all that apply)

26. Which statement best describes your organization’s current BCM program status? (Select only one response)

Page 12


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Level 1 (Self Governed) – The state of preparedness is

generally low across the enterprise 1 0 0 0 2 3 5.56%

Level 2 (Supported Self Governed) - Senior

Management may see value in a BCM Program but

they are unwilling to make it a priority at this time1 0 0 0 0 1 1.85%

Level 3 (Centrally Governed) - A BCM Program Office or

Department has been established which centrally

delivers BCM Program governance and support services

to the business units and other departments within the

organization8 0 1 0 1 10 18.52%

Level 4 (Enterprise Awakening) – Senior management

understands and is committed to the strategic

importance of an effective BCM Program. All business

continuity plans are updated routinely 9 1 1 2 0 13 24.07%

Level 5 (Planned Growth) – A multi-year plan has been

plan has been adopted to “continuously raise the bar”

for planning sophistication and enterprise wide state of

preparedness 11 2 0 8 0 21 38.89%

Level 6 (Synergistic) – Cross functional coordination has

led participants to develop and successfully test

upstream and downstream integration of their business

continuity plans 6 0 0 0 0 6 11.11%

Total 36 3 2 10 3 54 100.00%

Yes 23 2 1 6 1 33 61.11%

No 10 1 1 3 2 17 31.48%

Don’t know 3 0 0 1 0 4 7.41%

Total 36 3 2 10 3 54 100.00%

Yes 33 1 2 8 2 46 85.19%

No 2 2 0 2 0 6 11.11%

Don’t know 1 0 0 0 1 2 3.70%

Total 36 3 2 10 3 54 100.00%

Extremely 7 2 0 3 0 12 22.22%

Very much 19 1 0 5 2 27 50.00%

Somewhat 7 0 2 2 1 12 22.22%

Not at all 3 0 0 0 0 3 5.56%


Total 36 3 2 10 3 54 100.00%

28. Does your organization maintain and foster relationships with external government agencies to ensure the recovery of your organization during

a disaster? (Select only one response)

29. Are mission critical 3rd party service providers required to show evidence they have a viable BCM Program? (Select only one response)

30. How well integrated is the BCM Program with the following capabilities?

Compliance/Audit

27. In your opinion, how would you rate the maturity of your organization’s program? Please rate on the scale of 1 to 6 as noted. (Select only one

response via drop down menu using definitions that follow)

Page 13


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Extremely 9 1 0 5 0 15 27.78%

Very much 17 2 0 2 1 22 40.74%

Somewhat 10 0 1 3 2 16 29.63%

Not at all 0 0 0 0 0 0 0.00%


Total 36 3 2 10 3 54 100.00%

Extremely 15 3 0 7 1 26 48.15%

Very much 15 0 2 3 0 20 37.04%

Somewhat 6 0 0 0 2 8 14.81%

Not at all 0 0 0 0 0 0 0.00%


Total 36 3 2 10 3 54 100.00%

Extremely 6 2 1 2 0 11 20.37%

Very much 12 1 0 6 1 20 37.04%

Somewhat 16 0 1 2 2 21 38.89%

Not at all 1 0 0 0 0 1 1.85%


Total 36 3 2 10 3 54 100.00%

Extremely 6 2 2 5 1 16 29.63%

Very much 15 1 0 3 0 19 35.19%

Somewhat 12 0 0 2 2 16 29.63%

Not at all 2 0 0 0 0 2 3.70%


Total 36 3 2 10 3 54 100.00%

Extremely 5 0 0 5 0 10 18.52%

Very much 20 3 0 1 1 25 46.30%

Somewhat 11 0 2 3 1 17 31.48%

Not at all 0 0 0 0 1 1 1.85%


Total 36 3 2 10 3 54 100.00%

Extremely 16 2 1 6 2 27 50.00%

Very much 13 1 0 3 0 17 31.48%

Somewhat 7 0 1 1 1 10 18.52%

Not at all 0 0 0 0 0 0 0.00%


Total 36 3 2 10 3 54 100.00%

30. How well integrated is the BCM Program with the following capabilities? (cont'd)

Enterprise Risk Management


Facilities/Real Estate Management


Information Technology Management


Corporate Security


Crisis Management


Employee Health and Safety

Page 14


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Extremely 12 1 1 5 1 20 37.04%

Very much 15 0 0 2 1 18 33.33%

Somewhat 8 2 1 3 1 15 27.78%

Not at all 1 0 0 0 0 1 1.85%


Total 36 3 2 10 3 54 100.00%

Extremely 1 1 0 2 0 4 7.41%

Very much 12 2 1 4 0 19 35.19%

Somewhat 17 0 0 3 3 23 42.59%

Not at all 5 0 1 1 0 7 12.96%


Total 36 3 2 10 3 54 100.00%

Extremely 1 0 0 4 0 5 9.26%

Very much 16 2 1 2 0 21 38.89%

Somewhat 15 1 0 1 2 19 35.19%

Not at all 4 0 1 1 1 7 12.96%


Total 36 3 2 10 3 54 100.00%

Extremely 3 1 0 1 0 5 9.26%

Very much 17 1 0 6 0 24 44.44%

Somewhat 13 1 2 1 3 20 37.04%

Not at all 3 0 0 1 0 4 7.41%


Total 36 3 2 10 3 54 100.00%

Extremely 0 1 0 3 0 4 7.41%

Very much 11 1 1 0 0 13 24.07%

Somewhat 18 1 0 6 1 26 48.15%

Not at all 6 0 0 0 2 8 14.81%


Total 36 3 2 10 3 54 100.00%

Extremely 2 0 0 1 0 3 5.56%

Very much 11 2 0 3 0 16 29.63%

Somewhat 19 1 1 4 1 26 48.15%

Not at all 4 0 0 1 2 7 12.96%


Total 36 3 2 10 3 54 100.00%


Relationships with Third Party Service Providers (Utilities, Telecommunications, Information Technology Service Providers or Business Process

Service Providers)


Strategic Planning


Strategic Sourcing/Procurement

30. How well integrated is the BCM Program with the following capabilities? (cont'd) Information Security Management


Management of Insurance Coverage


Relationships with Public Authorities (Police, Fire, EMS, Local Emergency Management Agencies, etc.)

Page 15


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

In response to business changes 7 1 0 0 0 8 14.81%

Semi-annually 3 0 0 0 0 3 5.56%

Annually 22 1 1 6 2 32 59.26%

Every two years 4 1 0 2 1 8 14.81%

Every three years 0 0 0 2 0 2 3.70%

Never 0 0 0 0 0 0 0.00%

Other (please specify) 0 0 1 0 0 1 1.85%

Total 36 3 2 10 3 54 100.00%


Semi-annually 1 0 0 0 0 1 1.85%

Annually 25 2 1 4 0 32 59.26%

Every two years 2 0 0 4 0 6 11.11%


Never 0 0 0 0 0 0 0.00%


Do not know 0 0 0 0 0 0 0.00%

Total 36 3 2 10 3 54 100.00%

Less than $100,000 14 1 2 5 2 24 44.44%

$100,000 to < $500,000 7 1 0 1 1 10 18.52%

$500,000 to < $1 million 0 0 0 1 0 1 1.85%


$5 million or more 1 0 0 0 0 1 1.85%

Do not know 9 0 0 2 0 11 20.37%

Total 36 3 2 10 3 54 100.00%

Yes 11 0 0 4 0 15 27.78%

No 25 3 2 6 3 39 72.22%

Total 36 3 2 10 3 54 100.00%

Yes 14 2 1 3 0 20 37.04%

No 22 1 1 7 3 34 62.96%

Total 36 3 2 10 3 54 100.00%

Yes 6 0 0 1 0 7 12.96%

No 30 3 2 9 3 47 87.04%

Total 36 3 2 10 3 54 100.00%

34. Has your organization experienced an incident or interruption in the past year that caused you to activate any documented business continuity

plans, crisis management plans or disaster recovery plans?

Civil Unrest


plans, crisis management plans or disaster recovery plans? (cont'd)

Cyber (i.e. Breach, DoS, etc.)



Earthquake

31. How often does your organization conduct Risk Assessments? (Select only one response)

32. How often does your organization conduct a Business Impact Analysis (BIA)? (Select only one response)

33. How much would you estimate business disruptions have cost your organization in both outlays and internal (soft) costs in the past 12 months?

Please consider the estimated costs of delayed or cancelled product and service revenues from existing offers as well as new products and services

delayed or cancelled, lifetime cost of lost customers and erosion/loss of brand value. (Select only one response)

Page 16


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Yes 7 0 1 0 0 8 14.81%

No 29 3 1 10 3 46 85.19%

Total 36 3 2 10 3 54 100.00%

Yes 10 2 0 2 0 14 25.93%

No 26 1 2 8 3 40 74.07%

Total 36 3 2 10 3 54 100.00%

Yes 6 0 0 0 0 6 11.11%

No 30 3 2 10 3 48 88.89%

Total 36 3 2 10 3 54 100.00%

Yes 14 2 0 3 0 19 35.19%

No 22 1 2 7 3 35 64.81%

Total 36 3 2 10 3 54 100.00%

Yes 15 2 0 6 0 23 42.59%

No 21 1 2 4 3 31 57.41%

Total 36 3 2 10 3 54 100.00%

Yes 20 2 0 4 1 27 50.00%

No 16 1 2 6 2 27 50.00%

Total 36 3 2 10 3 54 100.00%

Yes 13 1 0 4 1 19 35.19%

No 23 2 2 6 2 35 64.81%

Total 36 3 2 10 3 54 100.00%



IT Related - Change Management Issue, Data Corruption, Denial of Access, Virus, IT Security, etc.



IT Related - Hardware/Software in Production



IT Related - Telecommunications (i.e., Voice, Data, Converged, etc.)



IT Related - Third Party Service Provider in Production (Hosted Solution)



Fire



Flood



Indirectly Due to Supplier Issues or High Profile Neighbor

Page 17


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Yes 14 1 0 3 1 19 35.19%

No 22 2 2 7 2 35 64.81%

Total 36 3 2 10 3 54 100.00%

Yes 21 2 0 5 0 28 51.85%

No 15 1 2 5 3 26 48.15%

Total 36 3 2 10 3 54 100.00%

Yes 2 0 1 2 0 5 9.26%

No 34 3 1 8 3 49 90.74%

Total 36 3 2 10 3 54 100.00%

Yes 21 3 1 7 1 33 61.11%

No 15 0 1 3 2 21 38.89%

Total 36 3 2 10 3 54 100.00%

Yes 2 0 0 0 0 2 3.70%

No 34 3 2 10 3 52 96.30%

Total 36 3 2 10 3 54 100.00%

Yes 3 0 0 1 0 4 7.41%

No 33 3 2 9 3 50 92.59%

Total 36 3 2 10 3 54 100.00%

Yes 8 1 0 1 0 10 18.52%

No 28 2 2 9 3 44 81.48%

Total 36 3 2 10 3 54 100.00%



Privacy



Severe Weather (i.e., Hurricane, Tornado, Winter Weather, etc.)



Social Media Related



Terrorist Attack



Theft



IT Related - Upgrade/Scheduled Outage



Power Outage

Page 18


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Within the past six months 23 2 1 3 1 30 55.56%

Within the past year 4 1 1 5 0 11 20.37%

Within the past two years 4 0 0 0 0 4 7.41%

More than two years ago 3 0 0 2 0 5 9.26%

Never 2 0 0 0 2 4 7.41%

Do not know 0 0 0 0 0 0 0.00%

Total 36 3 2 10 3 54 100.00%

Completely 13 1 1 7 0 22 40.74%

Mostly 16 1 0 3 0 20 37.04%

Somewhat 5 1 1 0 1 8 14.81%

Not at all 0 0 0 0 0 0 0.00%

Do Not Know 2 0 0 0 2 4 7.41%

Total 36 3 2 10 3 54 100.00%

Within the past 6 months 32 3 1 10 0 46 85.19%

Within the past year 3 0 0 0 1 4 7.41%

Within the past 2 years 0 0 0 0 0 0 0.00%

2 years or more 0 0 0 0 0 0 0.00%

We do not exercise our plans 0 0 0 0 0 0 0.00%


Do not know 0 0 0 0 0 0 0.00%

Total 36 3 2 10 3 54 100.00%

< 1% 2 0 1 0 0 3 5.56%

1% to < 2% 1 0 1 1 1 4 7.41%

2% to < 4% 3 1 0 0 0 4 7.41%

4% to < 10% 2 2 0 4 0 8 14.81%

10% or more 6 0 0 0 1 7 12.96%

Do Not Know 22 0 0 5 1 28 51.85%

Total 36 3 2 10 3 54 100.00%

36. For the most recent interruption that required you to activate one or more business continuity plans, how well was your recovery time

objectives met? (Select only one response)

37, When was the most recent Business Continuity Plan exercise? (Select only one response)

38. What percentage of your Information Technology budget does your organization spend on disaster recovery capabilities? (Select only one

response)

35. When was the most recent interruption requiring you to activate one or more business continuity plans? (Select only one response)

Page 19


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

There is no BYOD Program in place and the

organization has no plans to establish one 14 0 1 3 2 20 37.04%

We are currently in the process of establishing a BYOD

Program in the next year4 0 0 0 0 4 7.41%

We have established a BYOD Program that includes

some implementation issues that we are addressing at

this time 3 1 0 1 1 6 11.11%

We have successfully established a BYOD Program that

includes smartphones only 4 0 0 1 0 5 9.26%


currently includes smartphones with plans to include

laptops and/or tablets1 0 0 0 0 1 1.85%


includes laptops, tablets and smartphones10 2 1 5 0 18 33.33%

Total 36 3 2 10 3 54 100.00%

Yes, included in current plans 27 2 1 5 1 36 66.67%

No, not included in current plans 1 1 0 2 0 4 7.41%

Plans to address in the future 8 0 0 2 1 11 20.37%

No plans to address it at this time 0 0 1 1 1 3 5.56%

Total 36 3 2 10 3 54 100.00%


Semi-annually 10 0 0 2 0 12 22.22%

Annually 19 2 1 4 2 28 51.85%

Every two years 1 0 0 0 0 1 1.85%


Never 0 0 1 1 1 3 5.56%

Do not know 2 0 0 1 0 3 5.56%

Other 2 1 0 2 0 5 9.26%

Total 36 3 2 10 3 54 100.00%

Internal – Hardware and Software Solution 24 2 2 6 2 36 66.67%

External – Hardware and Software Solution 7 0 1 1 1 10 18.52%

Combination/Hybrid of Internal and External Solutions15 1 1 5 2 24 44.44%

Move certain capabilities to a Public Cloud Vendor1 0 1 0 0 2 3.70%

Move certain capabilities to a Private Cloud Solution8 1 1 2 0 12 22.22%


None 0 0 0 0 0 0 0.00%

Total 36 3 2 10 3 54 100.00%

42. What is your current IT recovery strategy? (Select all that apply)

39. Which statement best describes the status of your organization’s "bring your own device" (BYOD) program? (Select only one response)

40. Has your organization addressed cyber terrorism in your Business Continuity Management Program and related Business Continuity Plans,

Disaster Recovery Plans, and/or Crisis Management Plans? (Select only one response)

41. How frequently does your organization carry out full scenario testing of its disaster recovery plan involving relevant people, processes and

technologies? (Select only one response)

Page 20


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

BaaS Strategies (Backup as a Service) 3 0 1 1 1 6 11.11%

DRaaS Strategies (Disaster Recovery as a Service)1 0 0 1 0 2 3.70%

IaaS Strategies (Infrastructure as a Service) 3 1 1 0 0 5 9.26%

NaaS Strategies (Network as a Service) 2 0 0 0 1 3 5.56%

PaaS Strategies (Platform as a Service) 3 0 0 0 0 3 5.56%

RaaS Strategies (Recovery as a Service) 2 0 0 0 0 2 3.70%

SaaS Strategies (Software as a Service) 6 1 0 5 1 13 24.07%

Do Not Know 24 1 0 4 1 30 55.56%

Total 36 3 2 10 3 54 100.00%

None 13 0 1 4 1 19 35.19%

< 10% 8 1 0 3 0 12 22.22%

10% to < 25% 1 2 0 0 0 3 5.56%

25% to < 50% 1 0 0 1 0 2 3.70%

50% to < 75% 0 0 0 0 0 0 0.00%

75% or more 1 0 1 0 1 3 5.56%

Do not know 12 0 0 2 1 15 27.78%

Total 36 3 2 10 3 54 100.00%

Within the past six months 18 2 0 4 0 24 44.44%

Within the last year 8 0 1 3 0 12 22.22%

Within the last two years 2 0 0 0 0 2 3.70%

More than two years ago 1 1 0 0 0 2 3.70%

Never 2 0 1 1 3 7 12.96%

Do not know 5 0 0 2 0 7 12.96%

Total 36 3 2 10 3 54 100.00%

Bring Your Own Device 10 1 0 3 1 15 27.78%

Cloud applications 5 0 1 3 1 10 18.52%

Mobile applications 13 2 1 4 0 20 37.04%

Supply Chain Dependencies 13 1 0 4 0 18 33.33%

All of the above 3 1 0 2 0 6 11.11%

None of the above 8 0 1 1 1 11 20.37%

Cyber Attacks 16 1 1 6 2 26 48.15%

Social media 5 0 1 0 1 7 12.96%

Total 36 3 2 10 3 54 100.00%

43. Regarding your organization’s disaster recovery strategies in the cloud, please indicate which strategies your organization has currently

implemented: (Select all that apply)

44. What percentage of application data is stored in the cloud? (Select only one response)

45. When did your organization last conduct any tests of the IT Disaster Recovery Plans with representatives from other key stakeholder companies

or agencies (e.g. supply chain partners, service providers, public sector agencies)? (Select only one response)

46. For which of the following capabilities does your Disaster Recovery plan have documented procedures and written guidelines? (Select all that

apply)?

Page 21


Financial

Services –

Banking

Financial

Services –

Brokerage

Financial

Services –

Credit Card

Financial

Services –

Investment

Financial

Services -

MortgagesTotal

Attend industry conferences 26 3 2 9 2 42

Attend association meetings 20 2 2 9 2 35

Attend continuing education courses at

colleges/universities 6 0 1 2 0 9

Attend internal company training 21 2 1 6 0 30

Attend training provided by third-party companies16 2 0 3 2 23

Pursue professional certification course 21 3 1 7 1 33

Undergraduate degree program 1 0 0 0 0 1

Graduate degree program 2 0 0 1 0 3

None 4 0 0 0 0 4

Other: (Please specify) 0 0 0 1 1 2

Total 36 3 2 10 3 54

47. What types of ongoing business continuity management training have your organization’s employees utilized? (Select all that apply)

Page 22

r Financial Services - Amazon Web...

Documents

Transcript of r Financial Services - Amazon Web...