BCMS By Designsupported by EBRC Cyber-Resilience Portal12th of March 2020Christophe Ruppert – Business Continuity Practice LeadHugo Tasselli – Business Continuity Junior Consultant 1

Business Continuity Convention in Cercle de Wallonie

Who is EBRC ?

Zero downtime since 2000 - 17.000 sqm of IT roomsCompliant with the highest Certifications, Standards and Regulations

IT service one-stop-shop

EBRC, Centre of Excellence in the Management of Sensitive Information in the Heart of Europe

Trusted Services Europe: one-stop-shop

Trusted AdvisoryServices

• 20+ consultants• Risk analysis• Business continuity

plan• IT transformation• DC consultancy

Trusted ManagedServices

• From single component to full outsourcing

• Project Management

• PSF (CSSF)• ISO 20000• 24/7• Performance

Management• SLA, KPI

Trusted Cloud Europe

• Located in Luxembourg-Europe

• Public & Privatecloud

• Available in « Payas you go » mode

• Hybrid Cloud withIntercloud linked

• ISO 27001• PCI-DSS

Trusted SecurityEurope

• SOC• CERT• Partnerships:

OpenText, I Trust, Phosforea…

Trusted ResilienceServices

• 1000 business positions

• SLA start from 2 hours

• PFS compliant(CSSF)

• Multiple locations in Luxembourg

• Recovery centre for finance industry

• Local and off-shore clients

TrustedData Centre

• 17.000 sqm IT rooms

• 3 Certified Tier IV Data Centres

• ½ Rack, Racks, private suites

• Excellent latencytime

• 100% green energy

Turn business challenges into

competitive advantage

OptimizeDigital businessperformance

Access to TrustedCloud resources

in Europe

Cyber-ResilienceFor digital business

The digitalresilience centre in

Luxembourg

EBRC Certified Tier IVdata centres perform

0 downtime since 2000

xxxxxxx

• Xxxxxx- xxxxxxxx

xxxxxxxxxxxx

BCMS (ISO 22301) Approach

The ISO 22301 Advantages

5

Predictable and effective

response to crises

Protection of people

Maintenance of vital activities

of the organization

Better understanding

of the organization

Cost reductionRespect of the

interested parties

Protection of the reputation

and brand

Confidence of clients

Competitive advantage

Legal compliance

Regulatory compliance

Contract compliance

Roles & Responsibility within the ISO 22301

6

Gap Analysis

7

Objectives • Identify the organization posture towards ISO 22301• Provide an action plan to fill the gap

Approach• Review of BCM documentation• Workshops with questionnaires

Results• General overview• Rate of alignment with ISO 22301• Level of investment

ISO 22301 Gap Analysis example – General overview

8

020406080

100Scope of BCMS

Legal and Regulatory RequirementsManagement Commitment

BC Policy

Roles & Responsibilities

Resources

Competences

Awareness

Documentation ManagementOperational Planning and Control

Business Impact AnalysisRisk Assessment

Business Continuity Strategy

Incident Response Structure

Warning and Communication

Business Continuity Plans

Exercising and Testing

Performance and EffectivenessMeasurement

Internal AuditManagement Review

Current Alignment 25% Alignment" 50% Alignment" 75% Alignment" 100% Alignment"

ISO 22301: Business Continuity Best Practice

9

020406080

100Scope of BCMS

Legal and Regulatory RequirementsManagement Commitment

BC Policy

Roles & Responsibilities

Resources

Competences

Awareness

Documentation ManagementOperational Planning and Control

Business Impact AnalysisRisk Assessment

Business Continuity Strategy

Incident Response Structure

Warning and Communication

Business Continuity Plans

Exercising and Testing

Performance and EffectivenessMeasurement

Internal AuditManagement Review

Current Alignment 25% Alignment" 50% Alignment" 75% Alignment"

BIA Results : Example of Consolidated RTO crossed activities

10

BIA Results:Critical Applications & Business Requirements

11

BIA Results – Recovery Profiles

12

DR Status

13

SLA Status

14

Business Continuity Strategy

15

Objectives • Define the actions needed to protect the organization• Chose the most suitable strategy in terms of cost and solution

Business Continuity Strategy contains• The scenarios covered by the strategy• The strategy and its requirements

Business Continuity Strategies

16

Business Continuity Plan

17

Objectives

• Define Roles• Key roles involved in the Business Recovery

• Using a clear BC Plan with 2 main sections• S1 : Site Incident Plan• S2: Department Incident Plan

Business Resilience summarised in 5 points.

18

Starting from the business to evaluate

impacts.

Identifying critical

activities.

Evaluating the IT

system’s business

continuity capabilities.

Defining and testing crisis management components.

Raising awareness

and providing information

to employees.

xxxxxxx

• Xxxxxx- xxxxxxxx

xxxxxxxxxxxx BCMS Components AutomationWith the Cyber-Resilience PortalPowered by EBRC