An Interview with Randall Till of MasterCard International - 1702-ask - Disaster Recovery Journal

Return to the
Spring 2004 Issue

DISASTER RECOVERY
JOURNAL

P. O. Box 510110
St. Louis, MO 63151
(314) 894-0276
Fax: (314) 894-7474
Internet www.drj.com
E-mail drj@drj.com

PUBLISHER &
EDITOR-IN-CHIEF
Richard L. Arnold, CBCP
richard@drj.com

SENIOR EDITOR
Janette Ballman
janette@drj.com

MANAGING EDITOR
Jon Seals
jon@drj.com

COPY EDITORS
Richard Sandhofer
richards@drj.com
Pamela Clifton
pamelaclifton@hotmail.com

ADVERTISING
Robert Arnold
bob@drj.com

_____________

Corporate

President/CEO
Richard L. Arnold, CBCP
richard@drj.com

Vice President
Robert Arnold
bob@drj.com

CONFERENCE COORDINATOR
Patti Fitzgerald, CBCP
patti@drj.com

CONFERENCE REGISTRAR
Merce Knese
mercedes@drj.com

CIRCULATION
Laura Baugh
laurab@drj.com

EXECUTIVE COUNCIL
Jeff Dato, MBCP, KPMG
John Jackson, IBM
Edward S. Devlin, E.S. Devlin & Associates
James Hammill, CBCP, JMH Consulting Inc.
Pat McAnally, SunGard Availability Services
Brian Turley, Strohl Systems
Belinda Wilson, Hewlett-Packard

INTERNATIONAL
CONTACTS
England: Thom Hetherington
Business Continuity
Phone: 0161-237-1007
thomh@tempus.demon.co.uk

Australia: Anthony J. Harvey
Journal of Business Continuity
Phone: 0011-613-953-0055-8
fax: 0011-613-953-0528
sector@notability.com.au

Japan: Shinji Hosotsubo
Quake Japan Co., Ltd.
Phone: 03-3215-2880
fax: 03-3215-2881

Brazil: Jose Carlos Ferreira
Disaster Recovery Mercosul
Phone: 55 11 3666-9506
conc2000@uol.com.br
www.drms.com.br

Click Here for a Printable Version

An Interview with Randall Till of MasterCard International

By TERRI KIRCHNER, MBCP

Randall Till is vice president of global business continuity management for MasterCard International.

Kirchner: What prompted you to implement a business continuity/disaster recovery plan in your organization?
Till: The nature of the payments processing industry requires that our customers and their cardholders can conduct transactions using MasterCard anywhere, and at any time. As a result, we continually develop, implement and validate recovery plans for our critical business systems and operations.

Kirchner: How essential is an effective business continuity plan for your organization?
Till: MasterCard has integrated business continuity planning into our daily business practices and has made it a part of our overall business culture. As we develop and implement new systems and functions, business continuity is a fundamental part of our planning.

Kirchner: How aware are you of business continuity plans in other financial services organizations?
Till: MasterCard has always observed and been involved with business continuity guidelines and practices in the financial services industry. In fact, we’ve played an important role in helping to establish standards and best practices in the Business Continuity Planning (BCP) industry. Establishing consistent guidelines is critical to helping organizations in all industries develop and implement effective business continuity plans.

Kirchner: How did you go about creating a business continuity plan? What key points did you consider?
Till: As with most organizations, MasterCard began its program by concentrating on mission-critical business processes and systems. The key was defining critical business areas and determining how long our organization could tolerate the loss of these functions/systems. Based on this business impact analysis, we formulated a strategy and approach for the recovery of these operations within the required recovery timeframe. Business continuity planning is an ongoing process that continues to evolve and improve the overall recovery readiness of our organization.

Kirchner: Do you partner with any other organizations on business continuity planning efforts?
Till: MasterCard enjoys a good working relationship with the Disaster Recovery Journal as well as the DRI International. We’ve conducted joint meetings with our customers and key third party providers to review recovery plans and coordinate communications during emergencies.

Kirchner: How much support for business continuity planning do you receive from your board of directors, senior management, and key areas of your organization? Do they view it as an important aspect of company management policy or as a budget drain, inconvenience, etc.? How do you secure user buy-in and compliance?
Till: MasterCard established a formal process of reviewing our business continuity program with our executive management team and the audit committee of the board of directors. During each review, management is updated on the status of the current program, and briefed on proposed plans for moving the program forward.
Our management team’s commitment to business continuity is critical in gaining the support and buy-in of the user departments within MasterCard – as these are the groups responsible for business continuity planning. The business units are provided with the proper tools and templates, so they have a consistent and proven process to develop and implement their recovery plans. Reporting the results of our business continuity planning efforts to management on a regular basis is important to the ongoing success of our BCP Program

Kirchner: Are there any crucial lessons that companies should learn from previous disasters?
Till: Lessons learned from emergencies and disasters are crucial to the growth and development of the business continuity planning. Following these types of events, companies must look at the responses and impacts related to the event and incorporate the key “lessons learned” into future planning and processes. An example of this is the cessation of all air traffic following the 9/11 tragedies. Until that time, many business continuity plans called for traveling hundreds – or even thousands – of miles via airplane to support recovery operations. The events of 9/11 forced companies to re-think their recovery assumptions and strategies.

Kirchner: To what extent are legal and regulatory requirements having an impact on business continuity planning?
Till: The Gramm-Leach-Bliley Act and related regulations have changed the way companies evaluate, analyze and report on their business operations and risks. These changes are having a significant impact on the financial services industry and vendors to that industry; business continuity planning is a part of this change. Changing regulations and legal requirements have increased the number of inquiries that MasterCard receives from its customers. As a result, fully understanding the recovery plans of key vendors, service providers and business partners is an integral part of how we conduct business today.
At MasterCard, we are focused on the business needs and expectations of our customers and cardholders as the keys to our success. Addressing these needs and expectations, while keeping business continuity top-of-mind, has positioned both our organization and our members to successfully comply with both existing and emerging standards and regulations.

Terri Kirchner, MBCP, is a Ph.D. research assistant with Old Dominion University and a member of the Disaster Recovery Journal Editorial Advisory Board.
To comment on this article, go to 1702-ask at www.drj.com/feedback