Breakout Track Four
Tuesday 1:30 - 2:30 pm
Strategic Session 4
Creating and Implementing a Resiliency (DR/BC) Standards and Compliance Program
John Kotas, JP Morgan Chase
We will begin with building a simple recovery plan and then build a standards and compliance program to support the plan. Supporting documentation will be provided to all attendees. The audience will participate and learn that the business continuity standards that we will create will ensure that consistent and thorough plans are developed supporting a company’s critical business processes. Resiliency planning standards are established to meet a company’s strategies and goals relating to business continuity. Communicating status reports will be explored as well.
John F. Kotas, CBCP, has 23 years of DR and BC experience. He serves as the resiliency disaster recovery manager at JP Morgan Chase.
Managerial Session 4
Elevating BCP Value Through the Language of Governance
Leah Core, Cherry Creek Mortgage Company
Are you feeling stuck in your BCP role? Are you tired of ‘fighting the good fight’ and being called Chicken Little or the Grim Reaper? Explore several concepts you can leverage to elevate your role and perspective. We’ll start with governance and explore how the COBiT and ITIL frameworks not only complement business continuity planning but can help operationalize it. We’ll investigate and discuss areas from HR to racing to gain insight on how to expand our conversations about resilience, improve relevance of risk activities, present with clarity, and facilitate better decision making.
Leah Core, MBCP, MBCI, PMP, is business continuity manager for Cherry Creek Mortgage Company. She has served in a variety of roles within and symbiotic to business continuity for more than 15 years.
Technical Session 4
Compliance (HIPAA, FFIEC, etc.): What Keeps You Out of Jail?
Jack Orlove, MAXIMUS
Ingela Orlove, Cyber Communication Inc.
The goal of providing compliance to the regulators is not always the best avenue to control your risk in a disaster. Instead it’s the ability to show the regulators/auditors that you are aware of the regulations and have a project plan on how to become compliant … eventually. In the meantime, you are addressing the true risk of recovering from the most likely disaster, becoming resilient with the main production elements needed to satisfy your customer’s needs and showing the regulator/auditor a roadmap for the rest. Learn project planning and have the roadmap needed to keep you justified in your actions and not fined/penalized or worse.
Jack Orlove has designed and managed the implementation for a complex ATM infrastructure project and an implementation project for a 600-node frame relay/DSL interstate retail network.
Ms. Ingela Orlove is currently the president of Cyber Communication Inc., a boutique security consultancy firm in Sacramento, California, and has over 20 years of experience in information security.
Emergency Response Session 4
Developing a Company Personal Information Breach Response Plan
Joyce Shroka, NiSource
Personal information is often compromised via the Internet, cyber attacks, hacking of accounts and more. While this can be complicated to tackle for an individual, it can also have further-reaching impact on companies through the loss of employee or customer personal information. In this session, we will explore the components of a personal information breach and form a response plan for a company. Discussion will include the definition of a breach; team member and individual team member roles and responsibilities; potential people/groups to notify; responsibility matrix; breach checklist and breach exercise.
Joyce Shroka, CBCP, CORS, is director of business continuity and records at NiSource Inc.
Advanced Session 4
Hazard Mitigation and Business Continuity
Dave Morgan, Delta Dental
In a complete business continuity program where a risk assessment is conducted to identify the hazards impacting a location, business, or employees, hazard mitigation can be a natural outcome and should be considered a standard of good practice. We need to recognize the value and practicality of prevention that underlies effective hazard mitigation. Hear an overview of the role of hazard mitigation in the risk assessment process and how it can enhance other planning steps. Referencing the 2013 California Multi-Hazard Mitigation Plan, the session will review the goals and objectives of a State hazard mitigation program and The National Preparedness System (Presidential Policy Directive 8: National Preparedness (2011)).
Dave Morgan is a senior BC Manager for Delta Dental.
Information Session 4
Federal Disaster Recovery Policy and Guidance
Wayne Todd, ProTegus
Explore a history of the U.S. government’s disaster legislation from the Cold War to the Internet. Learn about federal government regulations as they pertain to disaster recovery and business continuity. Common pitfalls and mistakes of contingency planning for federal agencies will be discussed as well as strategy development for security compliance and meeting U.S. government guidelines and regulations. Regulations included: FPC-65, HSPD-7 (Critical Infrastructure Protection), OMB A-130 Appendix III, FISMA, NIST Special Publication 800-34, and PPD-8. Other topics covered will include federal critical infrastructure protection, crisis communication, ensuring the survival of government, and the continuity of essential federal functions.
Wayne M. Todd is an IT security professional with more than 15 years of experience in disaster recovery within the U.S. Government.