chicago-acp-brpa-05-
TRANSCRIPT
Maintaining a Competitive Edge as a Business Continuity Professional
Ann Pickren
May, 2009
Chicago

Challenging Times
• Today’s Economic Business Environment
  ◦ Reductions in internal program budgets
  ◦ Staff reductions
  ◦ Highly competitive job market
• New Regulations
  ◦ Uncertainty of impact
  ◦ DHS “Preparedness” Initiatives
  ◦ Overlapping requirements
• Job Market retractions

YOUR World is Changing
Situations Differ for all of us:
1. Secured Employment
  ◦ Issues with internal program commitment
  ◦ Confusion over program direction (compliance with DHS PS Prep, adherence to new & developing standards)
  ◦ Demands from DHS for Critical Infrastructure & Key Resources (CIKR)
  ◦ Demands for expansion and focus on existing programs
2. Searching for Employment
  ◦ Increased number of qualified candidates
  ◦ How to differentiate yourself

The Industry is Changing
• Confluence
  ◦ New Standards –
    • NFPA1600
    • BS25999
    • ASIS
    • ISO
  ◦ DHS implementation of Public Law 110.53 (“PS Prep” and “CIKR”)
  ◦ New certification options for individuals

Preparing Yourself
• Your individual “tool kit” must constantly be fine-tuned and kept up to date with changing regulations and standards
• You must arm yourself with knowledge to communicate to your executives the importance of the changing environments and the need to focus on continued commitment to the BC program

Preparing Yourself
• Improve/Advance your “value”
  ◦ Know what is developing in the industry
    • Regulations/Standards
    • Improved services
  ◦ Position your program with corporate drivers
    • Enterprise Risk
    • Operational Risk
    • Business Continuity Risk
  ◦ Secure additional credentials
    • Certifications

Business Continuity Management Standards & Regulations
Maintaining sanity while the world around us moves into a more formal set of criteria for business continuity programs.

Business Continuity Standards
Identified Standards Developers for Business Continuity
◦ ASIS (ANSI)
◦ NFPA
◦ BSI
◦ Standards Australia
◦ DRI* (ANSI)
◦ ISO

BC-Related Standards
Public Sector | Private Sector | In Print | In Dev’t
ANSI / ARMA 5-2003: Vital Records Programs - Identifying, Managing, and Recovering Business-Critical Records
    X X 2003
BSI 25999-1: 2006. Business Continuity Management. Code of Practice. [BIP 2145:2008 -- BS 25999-1 Business Continuity Management. Code of Practice. Laminated Pocketbook.]
    X X 2006
HB 292: 2006. A Practitioners Guide to Business Continuity Management [Standards Australia]
    X X 2006
BSI 25999-2: 2007. Business Continuity Management. Specification. [BIP 2150:2008 -- BS 25999-2 Business Continuity Management. Specification. Laminated Pocketbook]
    X X 2007
ANSI / NFPA 1600-2007: Standard on Disaster/Emergency Management and Business Continuity Programs
    X X 2007 2010

BC-Related Standards
Public Sector | Private Sector | In Print | In Dev’t
ISO 31000: Risk Management -- Principles and Guidelines on Implementation
    X X 2009-10
ANSI / ASIS: Organizational Resilience – Security, Preparedness and Continuity. Management Systems Requirements with Guidance for Use
    X X 2009-10
ANSI / ASIS: Business Continuity Management (Based on BS 25999-1 and -2.)
    X X 2009-10
Standards Australia. Business Continuity Management and Audit Standard
    X X 2009-10
ISO 22399: Societal Security - Guideline for Incident Preparedness and Operational Continuity Management
    X 2010-11

Developing Regulations
Title IX – Public Law 110.53 – “Implementing Recommendations of the 9/11 Commission Act of 2007”
◦ Common set of criteria for preparedness, disaster management, emergency management and business continuity programs
◦ Unfunded effort, no tangible rewards or penalties
◦ Acknowledge cost-benefit challenges for small- and medium-sized businesses
◦ The Goal: “To enhance private sector preparedness”
Now referred to as “PS PREP” by DHS

PS Voluntary Prep
The program is to be voluntary
◦ Businesses will decide whether or not they wish to obtain certification of their organizations’ preparedness, likely based on what benefits they see in such certification.
The goal is to provide a method to independently certify the emergency preparedness of private sector organizations
◦ Including their disaster/emergency management and business continuity programs.
The program is to certify businesses and other private sector entities
◦ Not individual professionals.
The focus is on all-hazards preparedness and not on terrorism.

PS Voluntary Prep
Certification Program
◦ The federal government will not run the certification program
◦ The program will be administered outside of government by third party organizations with experience in accreditation and certification programs.
◦ DHS has selected ANSI-ASQ National Accreditation Board (ANAB) to develop and implement the accreditation program for organizations that will provide formal certification of compliance with the Title IX program.

DHS – Next Steps
1. Designate the standards that will be used for the framework of certification (30-60 days)
2. Designate one or more organizations to act as the accrediting body to develop and oversee the certification process, and to accredit qualified third parties to carry out the certification program.
3. DHS (CIKR) – begin a pilot to develop an implementation guide for PS Prep, by sector

Aligning to Changing Corporate Drivers

Re-positioning Your Program
Many organizations are looking at Business Continuity as part of their Enterprise Risk Program
You need to understand the principles of Enterprise Risk and how your organization manages the broad concept of Enterprise Risk

Consider Aligning to Enterprise Risk
[Diagram labels: Emergency Response, Security, Operational Risk, Crisis Management, Business Continuity, Enterprise Risk, Availability Risk, Resiliency]

Business Continuity Certifications

Professional Certifications
Certifications confirm your knowledge
Business Continuity Certifications
◦ Multiple Options/Multiple levels of expertise
◦ DRI - BCI - ICOR - BRCCI - BCM …..???
◦ Becoming an accepted standard of “entry” into the BC Profession
Think beyond BC certifications
◦ Emergency Management
◦ Risk management
◦ Project Management
◦ Crisis Management

Summary
◦ Educate yourself and your organization on PS Prep
  • Review the core elements on pages 4 and 5 of the Sloan Report and the DHS list of Target Criteria for Preparedness Standard
  • Determine the regulatory environment that might force your company to comply with the DHS standard(s)

Summary
◦ Focus on your current program
  • Develop a list of core elements appropriate for your business and benchmark its BC/DR/EM preparedness program against the list
  • Measure your program against one of the established guidelines and identify any gaps
  • Where the program is weak or not well developed, identify steps needed to close the gap and document action taken
◦ Get involved in industry groups and organizations
◦ Upgrade your certifications