Welcome to the DRI International - PowerPoint PPT Presentation

About This Presentation
Title:

Welcome to the DRI International

Description:

Welcome to the DRI International National Preparedness Month Virtual Town Hall. Moderators: AnneMarie Staley, NYSE EuroNext; Russell Wooldridge, DRI International.

Slides: 22
Provided by: driiOrgd

Transcript and Presenter's Notes

1
Welcome to the DRI International
National Preparedness Month
Virtual Town Hall
Moderators
AnneMarie Staley NYSE EuroNext
Russell Wooldridge DRI International
2
Chloe Demrovsky, Director of International Operations, DRI International
New International Opportunities
  • Introducing DRI Japan, a non-profit organization, offering certification in Japanese
  • Announcing the formation of DRI India, serving India and neighboring countries
  • DRI Malaysia International BCM Conference: Managing the Unexpected: Are We Really Ready For It? October 26-28, 2010 in Kuala Lumpur.
3
Daniel Mikulsky, Chair CSC
The Professional Development Committee
  • Present thought leadership forums
  • Provide virtual venues for participants to earn CEAPs
  • Provide incentive for certified professionals for visiting
4
Michelle Cross, Chair Wells Fargo
The BOG Committee
  • Benefits: Discounts, group benefits for Certified Professionals
  • Outreach: Help manage current and future relationships
  • Grants: Define and seek grants
5
Len Pagano, President CEO SafeAmerica Foundation
DRILL DOWN for Safety
  • Nearly ½ Million Pledged to Drill
  • What companies can do
  • Plans for 2011's March to 1 Million
6
PS-Prep ANSI
Al Berman, Executive Development DRI International
The State of Company Certifications
7
Corporate Certification
  • What Are We Trying to Accomplish?
  • PREPAREDNESS
  • Emergency Management
  • Disaster management
  • Business Continuity
  • Is this New?
  • Regulations
  • Standards
  • Guidances

8
9/11 Commission Report July 2004
  • Recommendation: We endorse the American National Standards Institute's recommended standard for private preparedness. We were encouraged by Secretary Tom Ridge's praise of the standard, and urge the Department of Homeland Security to promote its adoption. We also encourage the insurance and credit-rating industries to look closely at a company's compliance with the ANSI standard in assessing its insurability and creditworthiness. We believe that compliance with the standard should define the standard of care owed by a company to its employees and the public for legal purposes. Private-sector preparedness is not a luxury; it is a cost of doing business in the post-9/11 world.

9

Business Continuity Regulations and Standards

Post-9/11
Sarbanes-Oxley Act of 2002; HIPAA, Final Security Rule; FFIEC BCP Handbook - 2003/2008; Fair Credit Reporting Act; NASD Rule 3510; NERC Security Guidelines; FERC Security Standards; NAIC Standard on BCP; NIST Contingency Planning Guide; FRB-OCC-SEC Guidelines for Strengthening the Resilience of US Financial System; NYSE Rule 446; California SB 1386; Australia Standards BCM Handbook; GAO Potential Terrorist Attacks Guideline; Federal and Legislative BC Requirements for IRS; Basel Capital Accord; MAS Proposed BCP Guidelines (Singapore); NFA Compliance Rule 2-38; FSA Handbook (UK); BCI Standard, PAS 56 (UK); Civil Contingencies Bill (UK)

2002 Safety Act; FCD-1/2; NYS Circular Letter 7; ASIS State of NY FIRM White Paper on CP; NISCC Good Practices (Telecomm); Australian Prudential Standard on BCM; HB221; HB292; BS25999; SS507; SS540; TR19; CA Z1600; ISO/PAS 22399; HiTech Act of 2009

Pre-9/11
Consumer Credit Protection Act; OMB Circular A-130; FEMA Guidance Document; Paperwork Reduction Act; ISO 27002 (Previously ISO17799); FFIEC BCP Handbook; Computer Security Act; 12 CFR Part 18; Presidential Decision Directive 67; FDA Guidance on Computerized Systems used in Clinical Trials; ANSI/NFPA Standard 1600; Turnbull Report (UK); ANAO Best Practice Guide (Australia); SEC Rule 17 a-4; FEMA FPC 65; CAR; JHACO; DRII

Title IX 110-53
Timeline: 1991 - 2001; 2002 - 2010
10
Title IX 110-53 (PS-Prep)
  • a. Goal of the new program is to provide a method to independently certify the emergency preparedness of private sector organizations, including their disaster / emergency management and business continuity programs. The program focuses on certifying the preparedness of businesses and other private sector entities, and does not involve any individual professional certification.
  • b. The program will be voluntary.
  • c. Key stakeholders are invited to participate in the development of the program. Consultation with a variety of organizations and various sectors is required by the legislation. Program development will likely include involvement by a diversity of private sector advisory groups and others.
  • d. The program will be administered outside of government by 3rd party organizations with experience / expertise in managing and implementing voluntary accreditation and certification programs.
  • e. One or more preparedness standards can be designated. NFPA 1600 is referenced by example.
  • f. Existing industry efforts, certifications and reporting in this area will not be duplicated or displaced, but rather recognized and integrated.
  • g. Special consideration will be made for small business.
  • h. Proprietary and confidential information is to be protected.
11
DHS Decides
  • A list of Recommended Standards Against Which a
    Company May Certify
  • ASIS International SPC.1-2009 Organizational
    Resilience: Security, Preparedness, and Continuity
    Management System Requirements with Guidance
    for use (2009 Edition).
  • British Standards Institution 25999 (2007
    Edition) - Business Continuity Management. (BS
    25999 2006-1 Code of practice for business
    continuity management and BS 25999 2007-2
    Specification for business continuity management)
  • National Fire Protection Association
    1600-Standard on Disaster / Emergency Management
    and Business Continuity Programs, 2007 and 2010
    editions. 

12
How It Works
ANSI-ANAB
In progress - ANSI
DHS
13
Training Requirements for CBs
  • DRI/NFPA Course is proceeding with ANSI-CAP
    Accreditation for the Course
  • ANSI-CAP follows the accreditation process
    outlined in the international standard ISO/IEC
    17011, General Requirements for Accreditation
    Bodies Accrediting Conformity Assessment Bodies
    and recognized by ANSI-ANAB
  • Passing the Exam will Provide a Certificate of
    Completion (Because training is a requirement
    there can be no examination only)
  • This Certificate will Be Required to Seek
    CBCA/CBCLAs
  • DRI International will maintain recertification
    through continuing education (RSBSQA requirement)

14
Regulations
  • Created by Government/Industry Regulatory Bodies
  • Punitive
  • Fines
  • Shutdown
  • Subject to Annual (Operational/Financial) Audit
  • Audit Conducted by Third Party
  • Results are Board Issues
  • May Create Vendor Requirements
  • FFIEC
  • HIPAA

15
Standards
  • Voluntary
  • Non-Punitive
  • Auditable Through First, Second or Third Parties
  • State of Flux
  • NFPA 1600 is the ANSI National Standard; Revised
    Every 3 years
  • ASIS/BS25999 are Currently in the Early Stages of
    Seeking ANSI Accreditation not Due until at Least
    End of 2009
  • ISO 22399/PAS (Publicly Available Specifications)
    Interim State
  • New Australian Standard
  • New Singapore Standard

16
What You Get
  • A Certification by an Approved Certification Body
  • No Endorsement by DHS/FEMA or Federal Government
  • A Distancing by DHS from the Process
  • Private Sector Certification Bodies
  • Available Before PS-Prep
  • NFPA 1600
  • BS 25999
  • SS507 SS540
  • Private Companies

17
What You Don't Get
  • No Get Out of Jail Free (Safe Harbor)
  • Safety Act of 2002
  • No Reduction in Insurance Premiums
  • Does Not Exempt Regulatory Compliance
  • DHS Cannot Make It Mandatory; Only Legislative
    Action Can
  • Highly Unlikely
  • Consider Sarbanes-Oxley

18
So Why Do It
  • Rewards
  • May Satisfy Customer Inquiries
  • Supply Chain
  • RFPs
  • Create Uniformity
  • Multi-Nationals
  • Increase Preparedness
  • PS-Prep Raised Awareness of Need to Prepare

19
Risks
  • Risks
  • Discoverable (Corrective Action Plan)
  • May Not Provide Legal Protection
  • Judge and Jury Decision
  • No Known NFPA1600 Defense
  • Quality of Auditors
  • Potential Conflict
  • Financial Operational Audit
  • Corporate Governance
  • Regulation
  • Expensive

20
What to Do Now
  • Focus on the Regs
  • Broaden Your Viewpoint
  • Keep Your Eyes on Transition
  • Hold Off On (the Actual) Certification
  • Walk, Don't Run
  • Talk to Your General Counsel (DHS Does)

The Standards Race Author Mark Carroll
21
Final Thoughts and Ideas
  • Let's Work On Preparedness
  • Small Steps Easily Accomplished
  • Safe America
  • National Preparedness Month Join the Coalition
  • Local Community Activities
  • Local Red Cross Chapter