The Role of Business Continuity in 25th - 26 th February Disasters’ Response Sadiyat Island Abu Dhabi 25 February 2014 Alan Berman President/CEO DRI International DRI International A Global Non-Profit Organization founded in 1988 The Industry’s Premier Education & Certification Program Body Committed to: - Promoting a base of common knowledge for the continuity management industry - Certifying qualified individuals in the discipline of Business Continuity - Promoting the credibility and professionalism of certified individuals DRI International – Truly International • DRI has Certified INDIVIDUALS in over 100 Countries • DRI conducts training courses in over 50 countries • Since 2009, DRI taught more students outside the US than within the US • More individuals are certified by DRI International than all other organizations in our industry combined (11,000+ active individuals as of June 2013) • Since 1988, 25,000+ individuals have held a DRI certification • DRI trains and certifies in English, Spanish, French, Italian, Japanese, Mandarin, Portuguese, and Russian • Creation of the first international glossary for business continuity Government Organization Collaboration • • • • • • • • United States: • Chaired the Alfred P. Sloan Committee that drafted the Framework for Preparedness that is the foundation for the Title IX Implementation. • Member U.S. Chamber of Commerce Homeland Security Task Force • Member of the Council of Experts for ANSI-ANAB who will set the credentialing standard for certifying bodies for PS-Prep • Member of FEMA National Advisory Council Private Sector Subcommittee • Member of Advisory Committee for Congressionally funded Project for National Security Reform • Meeting with Special Assistant to The President for Homeland Security Standards Policy APEC: Only business continuity certification recognized by the Asian Pacific Economic Cooperation DRI Canada is a member of the technical committee for the CSA Z1600 Standard for Emergency Management & Business Continuity Singapore: Official BCM education partner for the government-sponsored Singapore Business Federation Malaysia: Annual DRI conference in collaboration with the Ministry of Science, Technology and Innovation via its agency: Cyber Security Malaysia to promote BCM Japan: Joint Declaration on overcoming future crises with municipal governments of Tokyo and Niigata Mexico: Advisor to the government for development of new national BCP standard UAE: Member Standards Committee Advisory Team DRI International Outreach International Publications Weekly E-News Charitable Giving and Volunteerism The Disaster Recovery International Foundation is a 501(c)(3) non-profit organization whose mission is to promote professional and personal preparedness; promulgate response and recovery practices through proactive and real time engagement with organizations, individuals and communities; liaise with relief organizations on behalf of businesses and communities impacted by a disaster to expedite the response and focus of aid during or after an event; and, provide volunteer opportunities for Business Continuity, Disaster Recovery, and Emergency Management professionals everywhere. • Launched as a separate entity of DRI International (DRII) in July 2011 • The Foundation leverages DRII’s relationships with U.S. and world governments – including local grass roots organizations -- to empower the more than 10,000 worldwide Certified Professionals with a pathway to give back to their communities. The Role of BCP in Disasters Disaster Response Components Activity Emergency Response Inception - Duration Crisis Management Business Continuity Emergency Response Activity Emergency Response Inception - Duration Crisis Management Business Continuity Crisis Management Activity Emergency Response Inception - Duration Crisis Management Business Continuity Business Continuity Activity Emergency Response Inception - Duration Crisis Management Business Continuity • Cause vs. Effect • Risk Management – Anticipates Causes (Risks) Identifies Threats (Facility, Environmental, Climatic, Geopolitical, Personnel, Business, Technology, etc) Recommends Mitigation • • • • • Probability Cost of Mitigation BCM - Deals with Effects • What are the Implications of failing to mitigate or prevent Preparation • Structure, planning, resources, testing • Execution • Relocation, operating under duress • Risk Assessment – Preparing to Deal with Causes Location 1 Possible Scenarios G Primary Workspace Primary Systems & Electronic Data Key Personnel Key Vendors and Services Vital Records (Paper Files & Mail) Power Failure Electric Internal G Y G G G Con Ed failure G Y G G G Back-up Generators failure G Y G G G Gas Leaks R R R G G Telecommunications Network Failure (Lan/Wan) Loss of Vendor Service G R G R G Loss of Voice Service G G G R G Loss of Cellular Service G G G Y G Loss of Data Transmissions G R G R G Router / Hub Failure/Firewall G R G R G Overloaded: Performance failure G R G R G Software failure G R G G Y Infrastructure damaged G R G R Y Mainframe failure G R G R Y Server failure G R G R Y Router failure G R G R Y Hubs Failure G R G R Y Data Center Failure Water / Plumbing / Sprinkler Malfunction Y R • Cause vs. Effect • Risk Management – Anticipates Causes (Risks) Identifies Threats (Facility, Environmental, Climatic, Geopolitical, Personnel, Business, Technology, etc) Recommends Mitigation • • • • • Probability Cost of Mitigation BCM - Deals with Effects • What are the Implications of failing to mitigate or prevent Preparation • Structure, planning, resources, testing • Execution • Relocation, operating under duress • Effects, Impacts, Consequences INCIDENT OCCURS Facilities •Fire •Flood •Bomb Scare •SARS,H1N1, H5N1 •Terrorism •etc. Business or Operational •Supply Chain •Process Error •Labor Strikes •SARS, H1N1, H5N1 •Labor Strike •etc. Technology •Network Problem •Application Error •Hardware Failure •Virus •Power Problem •etc. Organization •M & A •Succession •IP Issue •Audit Issues •Financial Problems •etc. •Cause • Risk Management – Anticipates Causes (Risks) • Identifies Threats (Facility, Environmental, Climatic, Geopolitical, Personnel, Business, Technology, etc) Recommends Mitigation • • • • vs. EffectReducing Causes Probability Cost of Mitigation Reducing BCM - Deals with Effects Effects • What are the Implications of failing to mitigate or prevent • Preparation • • Structure, planning, resources, testing Execution • Relocation, operating under duress Traditional Causes of Interruptions Natural Disasters Man-Made Incidents Technology Failure New Concerns Pandemics Nuclear, Biological, Chemical Political Economic Combining Disciplines More Integrated Solution – Business Continuity – Disaster Recovery (IT Recovery and Continuity) – Emergency Response – Crisis Management UNDER THE BANNER OF BUSINESS CONTINUITY MANAGEMENT Resiliency Enterprise Risk Risks associated with not only accidental losses, but also financial, strategic, operational, and other risks. Operational Risk Risks associated with internal inadequacies of an organization or a breakdown of its controls, operations or procedures. Business Continuity Management Reducing the impacts that occur when there is a failure in Enterprise or Operational Risk Management Thank You