1

1© Copyright 2014 EMC Corporation. All rights reserved.

Eating the Resiliency Elephant

March 30, 2014

Patrick Potter, GRC Strategist RSA Archer

2© Copyright 2014 EMC Corporation. All rights reserved.

Today’s SpeakerPatrick is currently a GRC Strategist for the RSA Archer organization, where he helps drive the direction of the Business Continuity and Audit Management solutions. Prior to RSA, Patrick spent over 20 years leading business continuity, internal audit, strategic planning, process improvement and related activities at Fortune 500 companies in both industry and consulting roles.

Patrick has developed a broad perspective working with analysts, partners and customers spanning such industries as financial services, higher education, manufacturing, high-tech, healthcare, and media and hospitality. He has been a speaker for the Institute of Internal Auditors, DRJ, RSA Archer Summit, Financial Executives Networking Group, Association of Continuity Planners and ISACA. Patrick has also contributed various thought leadership articles for Continuity Insights, SC Magazine, Internal Auditor Magazine and Disaster Recovery Journal.

2

3© Copyright 2014 EMC Corporation. All rights reserved.

Session Abstract

In a typical organization, there are many separate processes, groups, functions and approaches that have something to do with “organizational resiliency”.

These include IT disaster recovery, business recovery, incident management and crisis management, not to mention related risk and compliance functions.

However, too many of the functions that tackle these issues are separate and uncoordinated, if not downright antagonistic. Today's session will talk about the challenges and how to bring these disparate areas together.

4© Copyright 2014 EMC Corporation. All rights reserved.

BCM and the Elephant

The “Blind Men and the Elephant”, poem by John Godfrey Saxe (1816–1887) talks about the differing perspectives of six blind men touching an elephant.

“It’s a wall, a spear, a snake, a tree, a fan and a rope”

What does this have to do with BCM?The elephant is “Resiliency” and he’s causing organizations to think about much more than just recovery planning.

However, we’re all thinking about resiliency in different ways and taking different approaches. We must work together.

3

5© Copyright 2014 EMC Corporation. All rights reserved.

Today’s WorldThe CEO & BCM manager ride the elevator…

Soooo….that’s all good stuff, but how does the business

look with all of these disasters happening

these days?

IT did some data center testing last week. Business

Continuity updated its call trees and we reduced the number of incidents at the

factories.

6© Copyright 2014 EMC Corporation. All rights reserved.

We believe organizations today face inevitable disruptions but are not prepared to deal with the wide variety of events on the horizon.

The Impending Disaster?

How Prepared is the Organization?

• Growing number of man-made and natural disasters

• Regulations with BCM requirements are multiplying

• 24/7 service delivery requirements• Domino effect from globalization and highly

complex supply chains• More complex and frequent disruptive events lead

to a need for better crisis management• Security breaches• IT disruptions• Operational incidents

4

7© Copyright 2014 EMC Corporation. All rights reserved.

The magnitude and impact of today’s disruptions are driving businesses to realize that business recovery is not enough, and resiliency is a non-

negotiable component for existence and success.

We must focus on priority business elements, holistic approaches and collaboration to transition from recovery to resiliency as a competitive advantage.

Recovery vs. Resiliency

Resilience = the ability to cope with stress and adversity and bounce back to a previous state of normal functioning, or simply not showing

negative effects - Resilience is a process, and not a trait

8© Copyright 2014 EMC Corporation. All rights reserved.

Where is Business Resiliency today?

Most companies have business continuity and disaster recovery programs today but are they positioned to keep up with the

changes?

Effort

Cost

Damage

Complexity

5

9© Copyright 2014 EMC Corporation. All rights reserved.

Most Organizations Are Here

The first step is to understand the organization’s strengths, readiness and capabilities.

10© Copyright 2014 EMC Corporation. All rights reserved.

Collaborative and Prepared

We Need to Change our Approach…

to be prepared now for the inevitable and develop a strategy for resiliency.

Crisis Management

IT

Business Continuity

Business Operations

Independent and Reactive

6

11© Copyright 2014 EMC Corporation. All rights reserved.

Resiliency Enabled

The CEO & BCM manager ride the elevator…

So how well does the business look with all of these

disasters happening these

days?

We did an end to end review of restoring customer account

processing, found a few issues but resolved them.

We also kicked off a resiliency impact

assessment to identify possible points of failure in “Project Barracuda” –which I know is one of your key objectives.

12© Copyright 2014 EMC Corporation. All rights reserved.

Business Resiliency Management

Crisis Management

IT

is not a singular answer but rather a solution leveraging people, process and technologies as a force multiplier where 1+1 =3.

Enables organizations to

• Establish business context for resiliency

• Prepare for and recover from IT system outages

• Identify and prepare business resumption strategies

• Catalog and resolve incidents• Manage crisis events and

communications

reducing the risk of IT and business disruptions, harmful operational events and significant business crises.

Business Operations

Business Continuity

7

13© Copyright 2014 EMC Corporation. All rights reserved.

Plan Your Journey

Resiliency Enabled

ResiliencyAdvantaged

Build foundation• Begin to leverage data

stores• Common asset repositories

Ensure you are ready now• IT Disaster Recovery• Business Continuity• Crisis Management• Operational Incidents

Reduceduplicative efforts

Gainresources & resiliency risk visibility

Resiliency Silos

14© Copyright 2014 EMC Corporation. All rights reserved.

Objectives

Think Across the Organization

Products & ServicesAssets

Rules & Regulations

Policies & Procedures

Supply Chain

People / Org Structure Incidents & Events

Controls

Risks

Business Processes

8

15© Copyright 2014 EMC Corporation. All rights reserved.

Continue Your JourneyImprove Analytics/Metrics• Real-time reporting and

measurement for root cause analysis

Ingrain Business Context• Fuse business value into resiliency

processes

Maintaincooperation

Prioritizeeffectively

Manageefficiently

Break down barriers• Leverage data, processes

and resources

Resiliency Enabled

ResiliencyAdvantagedResiliency Silos

16© Copyright 2014 EMC Corporation. All rights reserved.

Break Down Silos

• Catalog business hierarchy establishing organizational structure for resiliency reporting

• Catalog business assets including business processes, products, services, facilities and contacts

• Catalog IT assets including applications and devices

• Manage relationships between assets

• Measure and track business criticality of assets

Establish Business

Context for Resiliency

• Document and test IT DR plans

• Coordinate IT DR with BC planning

• Manage Risks and Impacts to Organizational Resiliency

• Document and test BCM plans

• Manage issues and remediation efforts resulting from testing and disruptions

Prepare for IT and

Business Disruptions

• Catalog incidents and events

• Define standard response procedures

• Manage investigations• Manage ethics violations• Manage issues and

remediation efforts resulting from operational events

Catalog and Resolve

Operational Incidents

Manage crisis events Initiate emergency

communications Coordinate activated Business

Continuity and Disaster Recovery plans

Manage Crisis Events

9

17© Copyright 2014 EMC Corporation. All rights reserved.

Analytics/

Visibility + Analytics = Priority

Better understand key levers like risk and controls to disrupt the noise,and bring clarity to the signal to amplify your decisions.

Signal Clarity and Amplification

Noise

Action

Priority + Action = Results

MetricsResults + Metrics = Progress

Visibility

18© Copyright 2014 EMC Corporation. All rights reserved.

Continue Your JourneyConnect to the Business• Business context ingrained

in all resiliency efforts

Make Risk-Driven Decisions• Ability to identify, respond and

manage resiliency risks ahead of the curve

Manageknown & emerging resiliency threats

Exploitnew business opportunities

Resiliency Enabled

ResiliencyAdvantagedResiliency Silos

10

19© Copyright 2014 EMC Corporation. All rights reserved.

Leverage New Trends & Innovations

Global RiskTransformation

CyberThreats

GlobalEconomy

Virtual borders, more interconnected and

exposed

Infrastructure Transformation

Mobile Cloud

Less control over access device and back-end

infrastructure

BusinessTransformation

More hyper-extended, more digital, more

regulated

ExtendedWorkforce

NewRegulations

BigData

20© Copyright 2014 EMC Corporation. All rights reserved.

Resiliency, a Competitive Advantage

The CEO & Business Resiliency manager ride the elevator…

I have a great idea on how to improve

operational processes that keep getting interrupted by bad

weather allowing us to save money in our

supply chain. Let’s talk about it over lunch.

I love it!! So how well does the business look with all of these

disasters happening these

days?

11

21© Copyright 2014 EMC Corporation. All rights reserved.

A Bite at a Time

Set a Vision

Work Together

A Step at a Time

Communicate Follow the Plan

22© Copyright 2014 EMC Corporation. All rights reserved.

THANK YOU