
Continuity and Resilience (CORE)

ISO 22301 BCM Consulting Firm


Presentations by speakers at the
1st KSA Business & IT Resilience Summit
16th Feb, 2017 at Four Seasons Hotel, Riyadh KSA
Our Contact Details:

INDIA
Continuity and Resilience
Level 15, Eros Corporate Tower
Nehru Place, New Delhi-110019
Tel: +91 11 41055534 / +91 11 41613033
Fax: +91 11 41055535

UAE
Continuity and Resilience
P. O. Box 127557
Abu Dhabi, United Arab Emirates
Mobile: +971 50 8460530
Tel: +971 2 8152831
Fax: +971 2 8152888

Email: ms@continuityandresilience.com
Email: info@continuityandresilience.com

Getting started

How to plan and manage a BCM and IT DR project

Dhiraj Lal, Executive Director, CORE


dhiraj.l@continuityandresilience.com
+971 52 9263933, www.coreconsulting.ae
About Continuity and Resilience (CORE)
ISO 22301 certified Management Consulting Firm
Cyber Security Services
Business Continuity Management Services
Crisis Management Services
IT Disaster Recovery Services
Information Security Management Services
Risk Management Services
Green IT/ Sustainability Services

We Consult / Train / Assess and Certify in these domains

Typical BCM Implementation Methodology

Quite easy... correct?

So where do we start?

Getting started

A collection of case studies from our IT DR and BCM Consulting and certification engagements
Situations our consultants have been involved in
As part of our previous organisations (in-house implementations) or as consultants
Including some situations we have been told about by others
"Customer" is being used in this presentation as a generic term. Could be internal or external

Based on diverse case studies from...

Customer 1: Manufacturing
Customer 2: Central Bank
Customer 3: Insurance
Customer 4: Banking
Customer 5: Aviation
Customer 6: Govt. Sector
Customer 7: Outsourcing
Customer 8: Facilities Management

Effective BCM means that you MUST...
Have reasonable assurance of recovery

[Figure: recovery timeline in three phases, spanning Emergency Response, Crisis Management, IT Disaster Recovery and Business Continuity]

Immediate Response (Evaluate): Protect people, assets, reputation. Assess damage & communicate.
Partial re-start (Invoke): Arrangements to recover prioritized activities as pre-agreed. Plans for alternate facilities, machines, resources, utilities, IT, staff, supply chain etc.
Back to normal (Business As Usual): Return to normal level. Back to BAU.

Effective BCM means that you MUST...
Recover within reasonable timelines

[Figure: overall performance of the organisation plotted against time, before and after an INCIDENT. Reference levels: Normal Operations and Minimum Level of Operations. Curve A: No BCM Program. Curve B: Effective BCM Program.]

Starting it right
Clear understanding of "Why BCM": don't start if Management is not convinced

Present the business case: "What's in it for me?" Not just defensive, but also a revenue generator

Budget commitment to conduct the project, and willingness to consider investing in more resources if need be

Strong mandate from the Top, via the BCM Policy. Each unit is responsible for their own BCM, central BCM Team to help

Starting it right
Regular Top Management interest and involvement: not just a one-time, but review and follow-up till the very end

Let your teams be clear that this is an important initiative, and it must be done well

Select your best people for the BCM responsibility, not just those who are available and free

Recognize and Reward as a formal process. 5% of their KRA?

Meeting the project timelines is most critical

Starting it right
Clear Ownership and roles definition:

Senior BCM Sponsor to clear roadblocks

BCM Steering Committee to validate and sign off

BCM Head to support, keep track, ensure, escalate

BCM Team to help the Departments get it right, as partners

BCM department champions to be the BCM Leads within their units

Department Heads accountable for BCM implementation in their units

Operational team to implement those strategies and plans

Starting it right
Train your people just in time: not too early, not too late. Ideally a few days before the activity is to be performed

Training is needed for EACH activity:

Policy writing
BIA
Risk Assessment
BCM
Recovery Strategy creation
Plan Writing
Plan implementation
Testing and exercising
etc.

Training and Awareness is needed for each level (Senior Mgt, Tactical, Operational), and for all staff/suppliers/partners

Starting it right
Clear project plan with pre-agreed signoff dates, based on Steering Committee availability

Tracking and monitoring in monthly management meeting

Escalation to BCM Sponsor to resolve issues and conflicts

Quick sanction of budget and resources for any needed BCM strategies. BIA can be used to justify the needed spend.

Department Heads to be responsible to keep ready their BCM plan including needed Recovery strategies

BCM Awareness across the organisation to help embed the BCM effort, including escalation of potential incidents

Starting it right
Signed off testing and exercising schedule, department owned.

Agreed Management Review process, to ensure ongoing oversight. Pre-agreed annual review process and dates

Agreed Incident log, to capture learnings and improve the BCM System

BCM Trained Audit team, as an independent control

BCM Automation software to ease the maintenance and update process. And also for tracking, monitoring and reminders

Notification software, to ensure mass communication within seconds via SMS, automated call, email, social media etc.

Thank you!

Dhiraj Lal - +971 52 9263933
Executive Director
Continuity and Resilience
dhiraj.l@continuityandresilience.com
www.coreconsulting.ae

Continue to know more about CORE

About CORE
Our Range of Specializations in Consultancy & Training cover:

Crisis Management
Crisis Communications
Business Continuity
Disaster Recovery
Cyber Security
Sustainability
Information Security
IT Service Management
Project Management
Quality

Global Experience

Country: India, USA, Canada, UK, Europe, Africa, Middle East
Industry: Financial Services, Telecom, Manufacturing, Airlines, Trading, Oil and Gas, Government

Our Partnerships

Institutions:
Business Continuity Institute (BCI) UK for offering BCM Certification
Intertek and Bureau Veritas for offering ISO 27001 / ISO 22301 courses
American University of Ras Al Khaimah for offering certification courses

Our Services
We are a firm that specializes in the complete Resilience cycle, offering Consulting, Assessments,
Trainings and Certification Services for organizations in both the public and private sectors. We
too are an ISO 22301:2012 certified firm.

[Figure: CORE service areas and the business continuity lifecycle]

Service areas: Information Technology Disaster Recovery, Crisis Management, Crisis Communication, ISMS and Cyber Services, Business Continuity Management
Offerings shown against the service areas: Trainings, Testing & Exercising, Consulting, Implementation, Audits, Maturity Assessment, GRC, Managed Security Services
Lifecycle labels: Policy and Project Management; Embedding Business Continuity; Analysis (Gap Assessment, Business Impact Analysis, Risk Assessment); Design & Implementation (Continuity and Recovery Strategies, Incident Response Structure, Business Continuity Plan, Crisis Management Plan, Incident Management Plan); Validation (Training and Awareness, Exercising and Testing, Audits); Continual Improvement

How are we different?

1. We have trained over 2000 professionals from 500 organizations

2. We conduct public and inhouse workshops for BCM Training and Professional Certifications and help organisations run Crisis Management and Table Top exercises and simulations

3. Our consultants have performed approximately 80 mandays of ISO 22301 / BS 25999 assessments

4. We are an ISO 22301 certified company

How are we different? (Contd.)

5. Many of our clients have been certified to ISO 22301 / BS 25999, based on our consulting for them

6. Our consultants are experienced BCM professionals who held senior management positions, mostly as heads of functions

7. Our consultants have over 140+ man-years of collective experience ranging across geographies and industries

8. Most of our consultants hold multiple certifications in BCM and other related domains

Cyber Security / Information Security
Capacity Building & Skill Development
Corporate Instructor Led Trainings
Cyber Attack Simulation Exercise
Customised training for Corporate
Public Certification Aspirants Workshops (CISSP, CISA, CISM, CRISC)

Professional Services
Governance, Risk & Compliance
CERT & CSIRT (BOMT Model)
Forensics & Investigations / VAPT
Gap Analysis / Health Checks & Pre Audit Services

Managed Security Services
CSIRT as a Service
SOC (remote, BOMT/O&M)
Predictive Security through Threat Hunting & Counter Threat Intelligence
Forensics & Investigation Services

Products
Confront & Denial of Operations Area through Smoke Screen
Forensics Workstation & DDoS Protection Tool
Employee Forensics & Monitoring Tool
Mobile Device Management & Mobile Data Security

Consulting
The salient points that will be covered by CORE BCM consulting are illustrated below:

[Figure: consulting engagement in three stages, each with its work items and benefits]

Initial Assessment & Roadmap
Interview Senior Management, Current State Assessment, Documentation Review, Implementation Review, Assessment Report
Benefits: Industry Benchmarking, Maturity Assessment

BCM Implementation Consulting
Program Management Plan, Business Impact Analysis, Risk Assessment, BC Strategy & Response
Benefits: Focus on high priority items; identify potential threats & take measures to mitigate impact; effective & coordinated response during crisis in order to minimize decision points at the time

Operationalize the BCMS
Testing, Exercising, Performance Evaluation, Continual Improvement
Benefits: Validation of documented steps; assurance & long term sustainability

Trainings

Public Programs
Global Certifications like BCI, IRCA
CORE Certifications

In-house Workshops
Global Certifications like BCI, IRCA
CORE Certifications

Tailor-made
Customized to clients
Specialized coverage
Awareness
Education
Simulated Exercises

Some of our Trainings
Cyber Attack Simulation Exercise
ISO 27001 on-the-ground implementation workshop
Crisis and Disaster Management Simulation Exercise
Senior Management Awareness workshops
ISMS and BCMS coordinators training workshops
BCI-UK certified GPG workshops (leading to CBCI)
Certification aspirants workshops for CISSP, CISA, CISM and CRISC
ISO 27001 and ISO 22301 Lead Auditor training
ISO 31000 Risk Management and IT Disaster Recovery Certification

Tools Support
CORE acts as a conduit between the partner & client by providing support for:

Gather requirements
Shortlist Vendors
Subject matter expertise for tool selection
Perform Vendor Demos
Tool installation & implementation support for BC, ITDR & Notification
Assistance during tool testing
Benefits

E-learning Support
Benefits of E-Learning for our clients:

Higher coverage
Consistency in communication
Higher learning retention
Learn at your own pace, anytime and anywhere
Latest and most updated course ware always available
Cost effective as against class room based training
Saves paper, reduces carbon foot print

[Figure: numbered e-learning course areas; labels include Crisis Management, IT Service Management, Business Continuity and Sustainability]

Some of Our Consulting and Training Clients

Our 2017 Summits

End of presentation
Thank you!
Dhiraj Lal - +971 52 9263933
Executive Director
Continuity and Resilience
dhiraj.l@continuityandresilience.com
www.coreconsulting.ae