bcp certification for the public sector professional
TRANSCRIPT
May 2013
Walter E. Washington
Convention Center
Washington, DC
www.govsecinfo.com #GovSecInfo
Daniel Mikulsky, MBCP
DRI International
BCP Certification for the Public Sector Professional
www.govsecinfo.com #GovSecInfo
DRI International
A Global Non-Profit Organization founded in 1988
The Industry’s Premier Education & Certification Program Body
Committed to:
- Promoting a base of common knowledge for the continuity management industry
- Certifying qualified individuals in the discipline of Business Continuity
- Promoting the credibility and professionalism of certified individuals
www.govsecinfo.com #GovSecInfo
DRI International – Who Are We?
A Global Non-Profit Organization Committed to:
• Promoting a base of common knowledge for the continuity management industry
• Certifying qualified individuals in the discipline of Business Continuity
• Promoting the credibility and professionalism of certified individuals
• The Industry’s Premier Education and Certification Program Body
DRI International was established in 1988.
www.govsecinfo.com #GovSecInfo
DRI International – Truly International
• DRI has Certified INDIVIDUALS in over 100 Countries
• DRI conducts training courses in over 45 countries
• Since 2009-DRI taught more students outside the US than within the US
• More individuals are certified by DRI International than all other organizations in our industry combined (Over 10,000 active individuals as of December 2012)
• Since 1988, more than 25,000 individuals have held a DRI certification
• DRI Certifies individuals in English, Spanish, French, Japanese, Mandarin and Russian
• DRI International teaches in English, French, Spanish, Portuguese, Mandarin, Japanese, Italian and Russian
www.govsecinfo.com #GovSecInfo
DRI International – US Government Collaboration
• Chaired the Alfred P. Sloan Committee that drafted the Framework for Preparedness (foundation for the Title IX Implementation)
• Member U.S. Chamber of Commerce Homeland Security Task Force
• Member of the Council of Experts for ANSI-ANAB who will set the credentialing standard for certifying bodies for PS-Prep
• Member of FEMA National Advisory Council Private Sector Subcommittee
• Member of Advisory Committee for Congressionally funded Project for National Security Reform
• Meeting with Special Assistant to The President for Homeland Security Standards Policy
• Member National Preparedness Month Coalition
www.govsecinfo.com #GovSecInfo
DRI International – International Government Collaboration
• Signatory to Japanese Joint Aid Agreement
• Member Standards Review Team UAE
• Member Standards Review Team Mexico
www.govsecinfo.com #GovSecInfo
Non-Governmental Organization Collaboration
• ASFHS – Education and Sponsorship
• CPE – Sponsorship
• ACP – Sponsorship
• CPM – Joint Sponsorship
• Chaired Drill Down for Safety - Safe
America
• Habitat for Humanity
• Second Harvest
• The Mahila Partnership
• World BCM Glossary Project
• National Foundation for Women
Legislators (NFWL)
Other Partnerships
• Member of the NFPA 1600 Technical
Committee
• Member of the BS25999 – ASIS
Technical Committee
• Participant RIMS (Risk Insurance
Managers Society) PERK (Professional
Exchange of Risk Knowledge) Program
• Cooperative Education Credit Sharing
with ISACA (Information Systems Audit
and Control Association)
• Cooperative Education Credit Sharing
with IC2
• Audit Course Development and
Training for Auditors with NFPA
(National Fire Prevention Association)
Non-Government Collaboration
www.govsecinfo.com #GovSecInfo
DRI Certification
• Levels of Certification
– Associate Business Continuity Professional (ABCP)
– Certified Functional Continuity Professional (CFCP)
– Master Certified Business Continuity Professional (MBCP)
www.govsecinfo.com #GovSecInfo
BCM Education
• As Part of Higher Education Curriculum
Emergency Management Enterprise Risk Management
• Undergraduate • Graduate • Executive Certificate Program • In Class • Distance Learning
Future State of BCM Education
• Fragmented
Professional Organizations
Training Centers
• Higher Education
• Lacks Consistency
• Relies on Local Interpretation
• Rarely Contains Recognized Standards
• Acceptance is Localized
Current State of BCM Education
www.govsecinfo.com #GovSecInfo
Importance of Individual Certification
• Greater Marketplace Recognition
–Job Pre-Requisites
–Distinguishes Candidate
• HR Key Words
–MBCP, CBCP, ABCP
• Financial Gain – certification is correlated with higher wages
www.govsecinfo.com #GovSecInfo
BCM Led By DRII Certified Professionals
• Deloitte & Touche • Booz Allen • PricewaterhouseCoopers • Ernst & Young • KPMG • Marsh • Accenture • Navigant • Computer Sciences Corporation • IBM • Johnson Consulting • Jefferson Wells • EDS • Protiviti • SAIC • Perot • SunGard • 5 Guys
• AIG • Morgan Stanley • American Express • AG Edwards • Citigroup • Wells Fargo • Bank of America • Wachovia • Washington Mutual • JPMorgan Chase • Nationwide • Fidelity • Vanguard • Merrill Lynch • Franklin Templeton • VISA • NY Life • McKesson • Microsoft
• Pfizer • Goodyear • Genetech • Georgia Pacific • Nokia • Hitachi • Verizon • Shering Plough • Fujitsu • AT&T • BP • Sprint • Chevron Texaco • Ericsson • Raytheon • Siemens • Starbucks Coffee Company • Nestle
www.govsecinfo.com #GovSecInfo
BCM Led By DRII Certified Professionals
• The University of Texas • Penn State • Columbia • Yale • Northwestern • University of Illinois • University of Miami • Vanderbilt • DePaul • University of Oklahoma • Carnegie Mellon • LSU • Michigan State • Drexel University • George Washington University • University of Connecticut • NC State • University of South Carolina • Ohio State
• US Senate • State of Oklahoma • City Of Austin Texas • NYC Housing Authority • US Army • Department Of Energy • Oregon State Treasury • State Of California • Dept. of the Air Force • City of Philadelphia • Federal Reserve • State Of Ohio • US Navy • FBI • IRS • Department of Veterans Affairs • Port Authority of NY & NJ • State of Minnesota • U.S. Nuclear Regulatory Commission • U.S. Treasury
www.govsecinfo.com #GovSecInfo
Why Is Certification Important?
76.86% of responders hold DRI certification
www.govsecinfo.com #GovSecInfo
Industry Demand for Certified Professionals
25 Hot Careers That Didn't Exist 10 Years Ago
by JoVon Sotak, FindtheRightSchool.com
“What did you want to be when you grew up? Astronaut? Movie star? Superhero? Whatever made
your list, green marketer probably wasn't on it--but that job may be on the lists of today's youngsters.
Here's a list of emerging careers that you (and your inner child) can get excited about. You couldn't have
daydreamed about any of these jobs when you were a child--because they didn't exist then. In fact,
they're so new that, although they're starting to be recognized, the U.S. Bureau of Labor Statistics doesn't
yet have data on them. If you've been looking for a new dream job or haven't decided what you want to
be when you "grow up," these are 25 new options”.
Business:
1. Business continuity specialists plan and implement recovery solutions to keep businesses
functioning during disasters and emergency situations
www.govsecinfo.com #GovSecInfo
Industry Demand for Certified Professionals
Business Priorities
1. Computerized Physician Order Entry (CPOE)
2. Electronic Medical Record (EMR)
3. Clinical Decision Support (CDS)
4. Clinical Information Systems
5. Health Information Exchange
6. Billing/Coding
7. Data Security
8. Business Continuity/Disaster Recovery
IT Priorities
1. Reducing Medical Errors
2. Delivering Clinical Knowledge to Physicians
3. Implementing/Upgrading Clinical Information Systems
4. Delivering Clinical Knowledge to Physicians
5. Implementing an EMR
6. Improving Departmental Workflow
7. Disaster Recovery
8. Enterprisewide Clinical Information Sharing
www.govsecinfo.com #GovSecInfo
Reasons for Business Continuity
External Drivers Impacts
• Pressure from audit committees
• Pressure from financial institutions
• Pandemic concern
• New threats & risks since 9/11
• Demands from customers
• Increased regulatory and self-regulated requirements
• Loss of customers or inability to attract new customers
• Loss of revenue
• Decrease in stock value
• Increase of insurance premiums
• Loss of assets and employees
• Regulatory sanctions
www.govsecinfo.com #GovSecInfo
Consumer Credit Protection Act
OMB Circular A-130
FEMA Guidance Document
Paperwork Reduction Act
ISO 27002 (Previously ISO17799)
FFIEC BCP Handbook
Computer Security Act
12 CFR Part 18
Presidential Decision Directive 67
FDA Guidance on Computerized Systems
used in Clinical Trials
ANSI/NFPA Standard 1600
Turnbull Report (UK)
ANAO Best Practice Guide (Australia)
SEC Rule 17 a-4
FEMA FPC 65
CAR
JHACO
Pre-9/11
1991-2001
Sarbanes-Oxley Act of 2002
HIPAA, Final Security Rule
FFIEC BCP Handbook -2003/ 2008
Fair Credit Reporting Act
NASD Rule 3510
NERC Security Guidelines
FERC Security Standards
NAIC Standard on BCP
NIST Contingency Planning Guide
FRB-OCC-SEC Guidelines for
Strengthening the Resilience of US
Financial System
NYSE Rule 446
California SB 1386
Australia Standards BCM Handbook
GAO Potential Terrorist Attacks
Guideline
Federal and Legislative BC
Requirements for IRS
Basel Capital Accord
MAS Proposed BCP Guidelines (Singapore)
NFA Compliance Rule 2-38
FSA Handbook (UK)
BCI Standard, PAS 56 (UK)
Civil Contingencies Bill (UK)
2002 Safety Act
FCD-1/2 NYS Circular Letter 7
ASIS State of NY FIRM White Paper on CP NISCC Good Practices (Telecomm)
Australian Prudential Standard on BCM HB221 HB292
BS25999 SS507 – SS540
TR19 CA Z1600
ISO/PAS 22399 HiTech Act of 2009
DRI
Title IX – 110-53
Post-9/11
2002-2011
www.govsecinfo.com #GovSecInfo
The DRI Standard
• Project Initiation and Management
• Risk Evaluation and Control
• Business Impact Analysis
• Developing Business Continuity Strategies
• Emergency Response and Operations
• Developing and Implementing Business Continuity Plans
• Awareness and Training Programs
• Maintaining and Exercising Plans
• Crisis Communications
• Coordination with External Agencies
The Ten Professional Practices for Business Continuity Professionals
DRI International is an ANSI-Accredited Standards Development Organization
Download the full text for free on our website: www.drii.org
www.govsecinfo.com #GovSecInfo
DRI Professional Practices
PP1 – Program Initiation and Management
PP2 PP3
PP4
PP5 PP6 PP8 – Exercise, Maintain, Audit PP9
PP7 – Awareness & Training
PP10 – Coordination with External Agencies
PP2 - Risk Analysis and PP3 - Business Impact Analysis
PP4 - Develop
Business
Continuity
Strategy
PP5 – Emergency Response Plans
PP6 – Business Continuity/Disaster Recovery Plans
PP9 – Crisis Management Plans