The Role of Business Continuity in
25th - 26 th February Disasters’ Response
Sadiyat Island Abu Dhabi
25 February 2014
Alan Berman
President/CEO
DRI International
DRI International
A Global Non-Profit Organization founded in 1988
The Industry’s Premier Education & Certification
Program Body
Committed to:
- Promoting a base of common knowledge for the continuity management
industry
- Certifying qualified individuals in the discipline of Business Continuity
- Promoting the credibility and professionalism of certified individuals
DRI International – Truly International
•
DRI has Certified INDIVIDUALS in over 100 Countries
•
DRI conducts training courses in over 50 countries
•
Since 2009, DRI taught more students outside the US than within the US
•
More individuals are certified by DRI International than all other organizations in our
industry combined (11,000+ active individuals as of June 2013)
•
Since 1988, 25,000+ individuals have held a DRI certification
•
DRI trains and certifies in English, Spanish, French, Italian, Japanese, Mandarin,
Portuguese, and Russian
•
Creation of the first international glossary for business continuity
Government Organization Collaboration
•
•
•
•
•
•
•
•
United States:
• Chaired the Alfred P. Sloan Committee that drafted the Framework for Preparedness that is the
foundation for the Title IX Implementation.
• Member U.S. Chamber of Commerce Homeland Security Task Force
• Member of the Council of Experts for ANSI-ANAB who will set the credentialing standard for certifying
bodies for PS-Prep
• Member of FEMA National Advisory Council Private Sector Subcommittee
• Member of Advisory Committee for Congressionally funded Project for National Security Reform
• Meeting with Special Assistant to The President for Homeland Security Standards Policy
APEC: Only business continuity certification recognized by the Asian Pacific Economic Cooperation
DRI Canada is a member of the technical committee for the CSA Z1600 Standard for Emergency
Management & Business Continuity
Singapore: Official BCM education partner for the government-sponsored Singapore Business Federation
Malaysia: Annual DRI conference in collaboration with the Ministry of Science, Technology and Innovation
via its agency: Cyber Security Malaysia to promote BCM
Japan: Joint Declaration on overcoming future crises with municipal governments of Tokyo and Niigata
Mexico: Advisor to the government for development of new national BCP standard
UAE: Member Standards Committee Advisory Team
DRI International Outreach
International Publications
Weekly E-News
Charitable Giving and Volunteerism
The Disaster Recovery International Foundation is a 501(c)(3) non-profit organization whose
mission is to promote professional and personal preparedness; promulgate response and
recovery practices through proactive and real time engagement with organizations,
individuals and communities; liaise with relief organizations on behalf of businesses and
communities impacted by a disaster to expedite the response and focus of aid during or after
an event; and, provide volunteer opportunities for Business Continuity, Disaster Recovery,
and Emergency Management professionals everywhere.
• Launched as a separate entity of DRI International (DRII) in July 2011
• The Foundation leverages DRII’s relationships with U.S. and world governments – including local
grass roots organizations -- to empower the more than 10,000 worldwide Certified Professionals
with a pathway to give back to their communities.
The Role of BCP in Disasters
Disaster Response Components
Activity
Emergency
Response
Inception - Duration
Crisis
Management
Business Continuity
Emergency Response
Activity
Emergency
Response
Inception - Duration
Crisis
Management
Business Continuity
Crisis Management
Activity
Emergency
Response
Inception - Duration
Crisis
Management
Business Continuity
Business Continuity
Activity
Emergency
Response
Inception - Duration
Crisis
Management
Business Continuity
•
Cause vs. Effect
•
Risk Management – Anticipates Causes (Risks)
Identifies Threats (Facility, Environmental, Climatic, Geopolitical,
Personnel, Business, Technology, etc)
Recommends Mitigation
•
•
•
•
•
Probability
Cost of Mitigation
BCM - Deals with Effects
• What are the Implications of failing to mitigate or prevent
Preparation
• Structure, planning, resources, testing
• Execution
• Relocation, operating under duress
•
Risk Assessment –
Preparing to Deal with Causes
Location 1
Possible Scenarios
G
Primary
Workspace
Primary Systems &
Electronic Data
Key Personnel
Key Vendors
and Services
Vital Records
(Paper Files &
Mail)
Power Failure
Electric Internal
G
Y
G
G
G
Con Ed failure
G
Y
G
G
G
Back-up Generators failure
G
Y
G
G
G
Gas Leaks
R
R
R
G
G
Telecommunications Network Failure (Lan/Wan)
Loss of Vendor Service
G
R
G
R
G
Loss of Voice Service
G
G
G
R
G
Loss of Cellular Service
G
G
G
Y
G
Loss of Data Transmissions
G
R
G
R
G
Router / Hub Failure/Firewall
G
R
G
R
G
Overloaded: Performance failure
G
R
G
R
G
Software failure
G
R
G
G
Y
Infrastructure damaged
G
R
G
R
Y
Mainframe failure
G
R
G
R
Y
Server failure
G
R
G
R
Y
Router failure
G
R
G
R
Y
Hubs Failure
G
R
G
R
Y
Data Center Failure
Water / Plumbing / Sprinkler Malfunction
Y
R
•
Cause vs. Effect
•
Risk Management – Anticipates Causes (Risks)
Identifies Threats (Facility, Environmental, Climatic, Geopolitical,
Personnel, Business, Technology, etc)
Recommends Mitigation
•
•
•
•
•
Probability
Cost of Mitigation
BCM - Deals with Effects
• What are the Implications of failing to mitigate or prevent
Preparation
• Structure, planning, resources, testing
• Execution
• Relocation, operating under duress
•
Effects, Impacts, Consequences
INCIDENT OCCURS
Facilities
•Fire
•Flood
•Bomb Scare
•SARS,H1N1, H5N1
•Terrorism
•etc.
Business or
Operational
•Supply Chain
•Process Error
•Labor Strikes
•SARS, H1N1, H5N1
•Labor Strike
•etc.
Technology
•Network Problem
•Application Error
•Hardware Failure
•Virus
•Power Problem
•etc.
Organization
•M & A
•Succession
•IP Issue
•Audit Issues
•Financial Problems
•etc.
•Cause
•
Risk Management – Anticipates Causes (Risks)
•
Identifies Threats (Facility, Environmental, Climatic, Geopolitical,
Personnel, Business, Technology, etc)
Recommends Mitigation
•
•
•
•
vs. EffectReducing Causes
Probability
Cost of Mitigation
Reducing
BCM - Deals with
Effects Effects
• What are the Implications of failing to mitigate or prevent
•
Preparation
•
•
Structure, planning, resources, testing
Execution
•
Relocation, operating under duress
Traditional Causes of Interruptions
Natural
Disasters
Man-Made
Incidents
Technology
Failure
New Concerns
Pandemics
Nuclear,
Biological, Chemical
Political
Economic
Combining Disciplines
More Integrated Solution
– Business Continuity
– Disaster Recovery (IT Recovery and Continuity)
– Emergency Response
– Crisis Management
UNDER THE BANNER OF
BUSINESS CONTINUITY MANAGEMENT
Resiliency
Enterprise Risk
Risks associated with not only accidental losses, but also financial, strategic,
operational, and other risks.
Operational Risk
Risks associated with internal inadequacies of an organization or a breakdown of
its controls, operations or procedures.
Business Continuity Management
Reducing the impacts that occur when there is a failure in Enterprise or
Operational Risk Management
Thank You