25th - 26 th February

1
The Role of Business Continuity in Disasters
Response
25th - 26 th February Sadiyat Island Abu Dhabi
25 February 2014 Alan Berman President/CEO DRI
International
2
DRI International
3
DRI International Truly International

• DRI has Certified INDIVIDUALS in over 100
  Countries
• DRI conducts training courses in over 50
  countries
• Since 2009, DRI taught more students outside the
  US than within the US
• More individuals are certified by DRI
  International than all other organizations in our
  industry combined (11,000 active individuals as
  of June 2013)
• Since 1988, 25,000 individuals have held a DRI
  certification
• DRI trains and certifies in English, Spanish,
  French, Italian, Japanese, Mandarin, Portuguese,
  and Russian
• Creation of the first international glossary for
  business continuity

4
Government Organization Collaboration

• United States
• Chaired the Alfred P. Sloan Committee that
  drafted the Framework for Preparedness that is
  the foundation for the Title IX Implementation.
• Member U.S. Chamber of Commerce Homeland Security
  Task Force
• Member of the Council of Experts for ANSI-ANAB
  who will set the credentialing standard for
  certifying bodies for PS-Prep
• Member of FEMA National Advisory Council Private
  Sector Subcommittee
• Member of Advisory Committee for Congressionally
  funded Project for National Security Reform
• Meeting with Special Assistant to The President
  for Homeland Security Standards Policy
• APEC Only business continuity certification
  recognized by the Asian Pacific Economic
  Cooperation
• DRI Canada is a member of the technical committee
  for the CSA Z1600 Standard for Emergency
  Management Business Continuity
• Singapore Official BCM education partner for the
  government-sponsored Singapore Business
  Federation
• Malaysia Annual DRI conference in collaboration
  with the Ministry of Science, Technology and
  Innovation via its agency Cyber Security
  Malaysia to promote BCM
• Japan Joint Declaration on overcoming future
  crises with municipal governments of Tokyo and
  Niigata
• Mexico Advisor to the government for development
  of new national BCP standard
• UAE Member Standards Committee Advisory Team

5
DRI International Outreach
Weekly E-News
International Publications
6
Charitable Giving and Volunteerism

• The Disaster Recovery International Foundation is
  a 501(c)(3) non-profit organization whose mission
  is to promote professional and personal
  preparedness promulgate response and recovery
  practices through proactive and real time
  engagement with organizations, individuals and
  communities liaise with relief organizations on
  behalf of businesses and communities impacted by
  a disaster to expedite the response and focus of
  aid during or after an event and, provide
  volunteer opportunities for Business Continuity,
  Disaster Recovery, and Emergency Management
  professionals everywhere.
• Launched as a separate entity of DRI
  International (DRII) in July 2011
• The Foundation leverages DRIIs relationships
  with U.S. and world governments including local
  grass roots organizations -- to empower the more
  than 10,000 worldwide Certified Professionals
  with a pathway to give back to their communities.

7
The Role of BCP in Disasters
8
Disaster Response Components
Emergency Response
Crisis Management
Business Continuity
Activity
Inception - Duration
9
Emergency Response
Emergency Response
Crisis Management
Business Continuity
Activity
Inception - Duration
10
Crisis Management
Emergency Response
Crisis Management
Business Continuity
Activity
Inception - Duration
11
Business Continuity
Emergency Response
Crisis Management
Business Continuity
Activity
Inception - Duration
12
Risk Management vs. BCM

• Cause vs. Effect
• Risk Management Anticipates Causes (Risks)
• Identifies Threats (Facility, Environmental,
  Climatic, Geopolitical,
• Personnel, Business, Technology, etc)
• Recommends Mitigation
• Probability
• Cost of Mitigation
• BCM - Deals with Effects
• What are the Implications of failing to mitigate
  or prevent
• Preparation
• Structure, planning, resources, testing
• Execution
• Relocation, operating under duress

13
Risk Assessment Preparing to Deal with Causes
Location 1 Primary Workspace Primary Systems Electronic Data Key Personnel Key Vendors and Services Vital Records(Paper Files Mail) G
Possible Scenarios Primary Workspace Primary Systems Electronic Data Key Personnel Key Vendors and Services Vital Records(Paper Files Mail) Y
Power Failure Power Failure Power Failure Power Failure Power Failure Power Failure R
Electric Internal G Y G G G
Con Ed failure G Y G G G
Back-up Generators failure G Y G G G
Gas Leaks R R R G G
Telecommunications Network Failure (Lan/Wan) Telecommunications Network Failure (Lan/Wan) Telecommunications Network Failure (Lan/Wan) Telecommunications Network Failure (Lan/Wan) Telecommunications Network Failure (Lan/Wan) Telecommunications Network Failure (Lan/Wan)
Loss of Vendor Service G R G R G
Loss of Voice Service G G G R G
Loss of Cellular Service G G G Y G
Loss of Data Transmissions G R G R G
Router / Hub Failure/Firewall G R G R G
Overloaded Performance failure G R G R G
Data Center Failure Data Center Failure Data Center Failure Data Center Failure Data Center Failure Data Center Failure
Software failure G R G G Y
Infrastructure damaged G R G R Y
Mainframe failure G R G R Y
Server failure G R G R Y
Router failure G R G R Y
Hubs Failure G R G R Y
Water / Plumbing / Sprinkler Malfunction Water / Plumbing / Sprinkler Malfunction Water / Plumbing / Sprinkler Malfunction Water / Plumbing / Sprinkler Malfunction Water / Plumbing / Sprinkler Malfunction Water / Plumbing / Sprinkler Malfunction
14
Risk Management vs. BCM

• Cause vs. Effect
• Risk Management Anticipates Causes (Risks)
• Identifies Threats (Facility, Environmental,
  Climatic, Geopolitical,
• Personnel, Business, Technology, etc)
• Recommends Mitigation
• Probability
• Cost of Mitigation
• BCM - Deals with Effects
• What are the Implications of failing to mitigate
  or prevent
• Preparation
• Structure, planning, resources, testing
• Execution
• Relocation, operating under duress

15
Effects, Impacts, Consequences
INCIDENT OCCURS
16
Risk Management vs. BCM
Reducing Causes

• Cause vs. Effect
• Risk Management Anticipates Causes (Risks)
• Identifies Threats (Facility, Environmental,
  Climatic, Geopolitical,
• Personnel, Business, Technology, etc)
• Recommends Mitigation
• Probability
• Cost of Mitigation
• BCM - Deals with Effects
• What are the Implications of failing to mitigate
  or prevent
• Preparation
• Structure, planning, resources, testing
• Execution
• Relocation, operating under duress

Reducing Effects
17
Traditional Causes of Interruptions

• Natural Disasters
• Man-Made Incidents
• Technology Failure

18
New Concerns

• Pandemics
• Nuclear, Biological, Chemical
• Political
• Economic

19
Combining Disciplines

• More Integrated Solution
• Business Continuity
• Disaster Recovery (IT Recovery and Continuity)
• Emergency Response
• Crisis Management

Under The Banner of Business Continuity
Management
20
Resiliency
Enterprise Risk Risks associated with not only
accidental losses, but also financial, strategic,
operational, and other risks. Operational
Risk Risks associated with internal inadequacies
of an organization or a breakdown of its
controls, operations or procedures. Business
Continuity Management Reducing the impacts that
occur when there is a failure in Enterprise or
Operational Risk Management
21
Thank You