BCMS By Design
supported by EBRC Cyber-Resilience Portal
12th of March 2020
Christophe Ruppert – Business Continuity Practice Lead
Hugo Tasselli – Business Continuity Junior Consultant
Business Continuity Convention in Cercle de Wallonie
Who is EBRC?
Zero downtime since 2000 - 17.000 sqm of IT rooms
Compliant with the highest Certifications, Standards and Regulations
IT service one-stop-shop
EBRC, Centre of Excellence in the Management of Sensitive Information in the Heart of Europe
Trusted Services Europe: one-stop-shop
Trusted Advisory Services
• 20+ consultants
• Risk analysis
• Business continuity plan
• IT transformation
• DC consultancy
Trusted Managed Services
• From single component to full outsourcing
• Project Management
• PSF (CSSF)
• ISO 20000
• 24/7
• Performance Management
• SLA, KPI
Trusted Cloud Europe
• Located in Luxembourg-Europe
• Public & Private cloud
• Available in « Pay as you go » mode
• Hybrid Cloud with Intercloud linked
• ISO 27001
• PCI-DSS
Trusted Security Europe
• SOC
• CERT
• Partnerships: OpenText, I Trust, Phosforea…
Trusted Resilience Services
• 1000 business positions
• SLA start from 2 hours
• PFS compliant (CSSF)
• Multiple locations in Luxembourg
• Recovery centre for finance industry
• Local and off-shore clients
Trusted Data Centre
• 17.000 sqm IT rooms
• 3 Certified Tier IV Data Centres
• ½ Rack, Racks, private suites
• Excellent latency time
• 100% green energy
Turn business challenges into competitive advantage
Optimize Digital business performance
Access to Trusted Cloud resources in Europe
Cyber-Resilience For digital business
The digital resilience centre in Luxembourg
EBRC Certified Tier IV data centres perform 0 downtime since 2000
BCMS (ISO 22301) Approach
The ISO 22301 Advantages
• Predictable and effective response to crises
• Protection of people
• Maintenance of vital activities of the organization
• Better understanding of the organization
• Cost reduction
• Respect of the interested parties
• Protection of the reputation and brand
• Confidence of clients
• Competitive advantage
• Legal compliance
• Regulatory compliance
• Contract compliance
Roles & Responsibility within the ISO 22301
Gap Analysis
Objectives
• Identify the organization posture towards ISO 22301
• Provide an action plan to fill the gap
Approach
• Review of BCM documentation
• Workshops with questionnaires
Results
• General overview
• Rate of alignment with ISO 22301
• Level of investment
ISO 22301 Gap Analysis example – General overview
[Chart, scale 0 to 100, comparing Current Alignment with the 25%, 50%, 75% and 100% Alignment levels across: Scope of BCMS; Legal and Regulatory Requirements; Management Commitment; BC Policy; Roles & Responsibilities; Resources; Competences; Awareness; Documentation Management; Operational Planning and Control; Business Impact Analysis; Risk Assessment; Business Continuity Strategy; Incident Response Structure; Warning and Communication; Business Continuity Plans; Exercising and Testing; Performance and Effectiveness Measurement; Internal Audit; Management Review]
ISO 22301: Business Continuity Best Practice
[Chart, scale 0 to 100, comparing Current Alignment with the 25%, 50% and 75% Alignment levels across: Scope of BCMS; Legal and Regulatory Requirements; Management Commitment; BC Policy; Roles & Responsibilities; Resources; Competences; Awareness; Documentation Management; Operational Planning and Control; Business Impact Analysis; Risk Assessment; Business Continuity Strategy; Incident Response Structure; Warning and Communication; Business Continuity Plans; Exercising and Testing; Performance and Effectiveness Measurement; Internal Audit; Management Review]
BIA Results: Example of Consolidated RTO crossed activities
BIA Results: Critical Applications & Business Requirements
BIA Results – Recovery Profiles
DR Status
SLA Status
Business Continuity Strategy
Objectives
• Define the actions needed to protect the organization
• Choose the most suitable strategy in terms of cost and solution
Business Continuity Strategy contains
• The scenarios covered by the strategy
• The strategy and its requirements
Business Continuity Strategies
Business Continuity Plan
Objectives
• Define Roles
  • Key roles involved in the Business Recovery
• Using a clear BC Plan with 2 main sections
  • S1: Site Incident Plan
  • S2: Department Incident Plan
Business Resilience summarised in 5 points.
Starting from the business to evaluate impacts.
Identifying critical activities.
Evaluating the IT system’s business continuity capabilities.
Defining and testing crisis management components.
Raising awareness and providing information to employees.
BCMS Components Automation
With the Cyber-Resilience Portal
Powered by EBRC