driving enterprise resiliency through partnership · driving enterprise resiliency through...

3/27/2015

1

Driving Enterprise ResiliencyThrough Partnership(Key Resiliency Behaviors)

Presented by:

Geno Pandolfi, U.S. Bancorp

Peter Laz, Forsythe Solutions Group

April 20-22, 2015Talking Stick Resort ● Scottsdale, AZ

Next Generation Resilience

• Identify strategic importance & value of enterprise resiliency

• Discuss how to establish business resiliency via partnership across the enterprise

Key Resiliency Behaviors &Building Resiliency Partnerships

2

Audience Poll

3

Resilient• Latin Derivative from present participle of resilīre

meaning to spring back, rebound

Generic Definitions:

• Resilience - the ability to work with adversity in such a way that one comes through it unharmed or even better for the experience

• Resilient - the power or ability to return to the original form, position, etc., after being bent, compressed, or stretched; elasticity

• Resiliency - the state or quality of being resilient and tending to recover from or adjust easily to misfortune or change

Definitions

13th Annual Continuity Insights Management Conference: Next Generation Resilience

4

3/27/2015

2

Strategic Focus on Survival That...

• Considers a holistic state of readiness

• Focuses on ability to bend or resist impact

• View is broader than a planned response to an incident

Importance & Value ofEnterprise Resiliency

5

It's about OPERATIONAL RESILIENCY

Enterprise Resiliency & the supporting program structure across the Industry varies greatly…

Enterprise Resiliency Program Leadership An Industry View

6

Characteristics of a successful, well established program are:

• Executive Level Sponsorship – Tone at the Top

• Well established functional relationship across the Enterprise (Business, Governance, IT, Operations, etc.)

• Integrates and/or facilitates all aspects of Enterprise Readiness

• Established ongoing Program Lifecycle incorporating

o Consistent Program Policy and Standards

o Embedded Business Strategy and Technology Planning

o Continuous Exercise Execution and Validation

o Aggregated Risk and Compliance Reporting

o Quality Assurance and Control Testing

o Frequent Awareness & Communication

Areas to Examine

7

Enterprise Resiliency Approach:

• US Bank Profile

• Program Overview

• Resiliency Partner Profile

• Core Partner Concepts to Success

Public Profile:


8

NYSE: USB

HQ: Minneapolis, MN

BANK PROFILE:

EMPLOYEES: 65,000+

SIZE: 5th Largest Bank in the USA | $403 Billion in Assets

• Provides comprehensive banking services, brokerage, investment, mortgage, trust and payment services products to consumers, businesses and institutions

• Fortune Most Reputable Companies – Super Regional Banking – US Bancorp #1

MAJOR BUSINESS/SECTORS:

• Operates 3,176 Branch Banking Offices in over 25 States with 5,026 ATM’s

• One of the Largest Wealth Management and Trust Groups in the United States with Global Banking Offices in Europe

• Corporate and Wholesale Banking Offices throughout the United States

• Global Payment Services: ATM’S, Debit/Credit Card and Merchant

• Acquisition in US, Canada, Eastern/Western Europe, and Latin America

HIGHLY REGULATED INDUSTRY:

• Office of Comptroller of the Currency (OCC), Federal Reserve, FDIC, SEC and Consumer Financial Protection Board (CFPB)

3/27/2015

3

9

US Bancorp

ENTERPRISE

PROGRAM OVERVIEWRESILIENCY

US Bancorp: Enterprise Resiliency

10

At US Bancorp our executives and business lines have been oriented to understand that Resiliency is:

• What our customers and stakeholders expect in a 7 by 24 operational, technology, and business environments across the Enterprise

• Our environments need to be in a readiness state that maintains optimum availability to our customers and stakeholders

• Planning and business constructs provide the ability and flexibility to recover from incidents based upon redundant technology driven by businessobjective risk requirements

KEY MISSION PRINCIPLES• Ensure readiness of the entire U.S. organization significant

events, impacts, or declared business disruption - Regardless of event Origin

• Provide direction, consulting, and support to business areas -Best Practices

• Program oversight to readiness and resiliency risk management guidance, monitoring, and executive reporting –360 Degree Program Visibility

• Business preparedness and awareness program -Requirements, Exercises, and Comprehensive Training

VISION

“All of Ready!”

A Readiness Service Organization Overview

12

Readiness Services“C" Level

Enterprise Organization

Readiness Planning and Strategy

Resiliency Operations

Readiness Assurance &Risk Mgmt

Technical Capacity &

Resiliency Mgmt

Critical Services Testing

Functional Business Line Resiliency Program

Participants

Functional Technology Resiliency Program

Participants

Functional Development Resiliency Program

Participants

3/27/2015

4


13







Resiliency Mgmt


Responsible for Enterprise-wide business contingency and technology recovery planning, policies, direction, and strategy.


14







Resiliency Mgmt


Responsible for command and control, and oversight for exercises and operational control for business line and

technology recovery components.


15







Resiliency Mgmt


Responsible for establishing, monitoring and reporting on all Key Performance and Key Risk Indicators for Resiliency,

Third Party Recovery , and Business Continuity Program Activity.


16







Resiliency Mgmt


Responsible to provide monitoring and validation of Resiliency infrastructure compatibility with production/DR

infrastructures, and forecasting future business demand for Production/DR environments, and Technology Management.

3/27/2015

5


17







Resiliency Mgmt


Responsible to provide monitoring and validation of DR and Resiliency End to End Testing is completed for

Our Critically Defined Services.

18

Resiliency

PARTNERPROFILE

Resiliency Partner Profile


19

Readiness Services

Development Business Groups

Infrastructure Services Group

Service Management

Groups

Independent Risk Management

Business & Operational Units

Crisis & Security Control Teams



20




Crisis and Security Control Teams Provides and implements resources and other stakeholder mediums to affect incident response and ensure appropriate recovery resources

Relationship: Planning, Reporting, Support and Exercise preparation, Pre-incident support, Operational Support and Technology Command & Control

3/27/2015

6



21




Enterprise Risk Management Groups Defines and Manages overall Risk frameworks and operational taxonomies for responding to specific risks in the Resiliency Program and to the Board of Directors

Relationship: Provide KPI and KRIs to all Stakeholders in forums/mediums for appropriate Risk Oversight, and Credible program review and challenge



22




Business Line & Operational UnitsManage individual Business Contingency and Recovery Planning through Business Planners, Readiness Coordinators, and Business Risk/Control Officers.

Relationship: Planning, Exercise Coordination, Risk Oversight, Recovery Technology and Support, and Continuity Subject-Matter Expertise to all Business Areas



23



Service Management

Groups

Infrastructure Support Groups Manage production infrastructures environments to include: Network, Voice, Mainframe, ISS, Mid-range, MPE, Storage, Data-base and Raised floor, etc.

Relationship: Provide Planning, Exercise Coordination, Recovery Team Training, Recovery Subject-Matter Expertise, Risk Assessment, Reporting & Joint Resiliency Project Sponsorship



24



Service Management

Groups

Development Business Groups Manage individual development and recoveryplanning for business technology through application recovery planners and businessrisk managers

Relationship: Provide Planning, Exercise Coordination, Recovery Team Training, Subject-Matter Expertise to Development areas, Reporting, Recovery Technology, and Risk oversight

3/27/2015

7



25



Service Management

Groups

Service Management Groups Manage production communications, escalations, change, and incident response for daily technology environments, availability tracking.

Relationship: Provides key Recovery SLA and Objective Risk Dependency process information, Change Control and Coordinated Command-Control major incidents

PARTNER

KEY BEHAVIORS

SUCCESS

• Utilize integrated data points and aligned technology for Planning, Monitoring, Tracking, Operational, and Recovery Components

• Provide Partner real-time access to a base of Trusted information and metrics

• Align Program processes and technologies with Guidance

• Ensure federation with trusted and single source systems of record

Integrate Technologies

27

TRUSTED DATAEstablish Foundational Trust

28

Доверяй но проверяй!

President Ronald Regan to Soviet Premier Gorbachev

Washington Intermediate Range Nuclear Forces Treaty

December 8, 1987

“Trust But Verify”

3/27/2015

8

Communicate Frequently With Partners

29

• Engage with stakeholders Including Independent Risk and Audit Committees - provide Key Program and Key Risk Identification

• Establish a Resiliency Steering and Governance Committee with Resiliency Partners

• Track and Report Resiliency Capital and Non-capital Projects with Partners

• Develop special Off-site Planning and Partner review sessions

• Encourage joint and coordinated industry group participation with partners (e.g. HP, IBM, EMC, Microsoft, SUN, Verisign, SunGard, DRJ, etc.)

• Ensure at a minimum Quarterly and/or Monthly meetings to review key Resiliency Projects and Programs

Joint Projects With Resiliency Partners

30

Resiliency Projects often require very large Capital Expenditures

• Coordinate Executive Communication and Sponsorship with Partners

• Drive joint justification and business needs for Key resiliency expenditures

• Co-sponsor with Infrastructure and Risk areas 3 -5 Year Resiliency Strategies and Capital Projections with dependencies

• Drive a single Resiliency voice and message across the Enterprise

• Advance Business Continuity Program Metrics to support Resiliency Projects (e.g. model the Relationship of Technology to key business strategies and resiliency, etc.)

Resiliency Partner Project

Major Resiliency Project:- Production/DR Data Center and Center Expansion

- One of limited number of Certified Tier-IV Global Data Centers*

*Uptime Institute

Provide Resiliency PartnersContinuing & Early Notifications

32

• Full integration with Emergency Notification and Email Systems to provide effective notification to key stakeholders (exercises, activations, key site messaging, and crisis communications)

• Link Key messaging systems to Mission Critical Processes and Critical Applications and Program Resiliency Data

• Provide automated Partner Notifications and recovery Ticketing for SLA’s , and Exceptions via an Early Warning Reporting System

3/27/2015

9

Provide Resiliency and Program Dashboards and Reporting to Steering Committees, Major Business Stakeholders, and Risk Committees

Continuing & Early Notifications

33

RESILIENCY DASHBOARD

Mainframe• CPU capacity• DASD capacity• Tape capacity• DR Readiness

o Replicationo Infrastructure

Distributed Systems• CPU capacity• DASD capacity• Tape capacity• DR Readiness

o Replicationo Infrastructure

ATM Services• ATM/POS• Mainframe Batch• Wire Transfer• Web Portal Dashboard• Web Admin Dashboard

Infrastructure Resiliency• Floor Space• Utility Power• Generator• UPS Capacity• UPS Battery Life• Cooling• Server Growth

Data Network• Core Network• Intranets• Internet• Branch• Key Partner• Firewalls

Voice Network• Call Center• Call Center A• Call Center B• Call Center C• Trading

• Integrate Resiliency Data across the Enterprise

• Establish Trusted Resiliency Partner Foundations

• Frequent and Focused Partner Communications

• Jointly Support Resiliency Projects and Activities

• Early and Continuing Partner Event Notifications

Key Behaviors Summary


34

Resiliency Partnership

(Churchill, Roosevelt, Stalin Yalta Circa 1945) Sir Winston Churchill

Prime Minister United Kingdom

“If we are together nothing is impossible.If we are divided, all will fail.”

36

THANK YOU,QUESTIONS

Geno Pandolfi

[email protected]

Peter Laz

[email protected]

driving enterprise resiliency through partnership · driving enterprise resiliency through...

Documents