Breakout Track 2 - Monday, 2:45 - 3:45 p.m.

Strategic Session 2

ISO 22301 – Route to BCM

Novice/Intermediate/Advanced

John DiMaria, British Standards Inst.

By adopting business continuity management, organizations are better equipped to meet the challenges they face when a disruption occurs. ISO 22301:2012 specifies the requirements for setting up and managing an effective business continuity management system (BCMS) for any organization, regardless of type or size. Using and complying with the standard can help your organization gain confidence in its ability to manage any disruption effectively and demonstrate that you are equipped should the unexpected hit the business. Learn the best practices contained within ISO 22301 and how the standard can lead you through setting up, managing and improving a BCMS.

John DiMaria is a management system professional, responsible for overseeing product roll-out and client/sales education. He is the product expertise spokesperson for BSI Group Americas.

Managerial Session 2

BCP from Theory to Practice

Intermediate/Advanced

Mark Pryce (CRM, CBCP)

Karl Bryant, Marsh

Drawing on real-world experience to provide practical advice, this session shows attendees how to implement a program that gets the job done. Discover how to build plans that people can actually use. Look out for lots of samples of presentations, assessments and templates (BIA, BCP, pandemic, etc.) that you can take back home with you when the conference is done. This session is about sharing our experience and tools with you in your quest for a functional program.

Mark Pryce (CRM, CBCP) is the founder and Director of Consulting Services for RecoveryLogic Inc. Over the past decade, Mark has actively managed business continuity programs and consulted with public and private sector organizations of all sizes. He focuses on business continuity management, specifically program definition, risk assessment, business impact analysis, strategy definition, plan development, testing, training and program maintenance. Mark has served as Chair of the Canadian Telecommunications Emergency Management Association (CTEPA) and is a frequent speaker, including at DRJ and various government and association forums.

Prior to founding RecoveryLogic, Mark was the Director for Corporate Business Continuity Management (BCM) for Rogers Communications where he established their corporate program.

Karl D. Bryant, MBCI, CBCP, PMP, CBCLA, is senior vice president, business continuity risk management, for Marsh.

Technical Session 2

What's in a Technical Recovery Plan?

Novice/Intermediate

Bruce Blank, Allscripts

This session walks through most aspects of a technical recovery plan supporting a health care application. Particular attention is paid to different platforms, interface operations, SAN storage, virtualization and IO mappings supporting a recovery. Those in attendance will get a different view of a technical recovery plan to compare with their own recovery plans and options.

Bruce Blank is a CISM with more than 25 years of IT and risk management experience, and has built disaster recovery and corporate security and compliance programs.

Emergency Response Session 2

Recent US Federal Policy Developments Affecting Resiliency and Cybersecurity Landscapes

Novice/Intermediate/Advanced

Authors: Dr. Nader Mehravari, David White, Sam Merrell

Presenter: Dr. Nader Mehravari

Affiliation of all authors: Cyber Resilience Center, Software Engineering Institute, Carnegie Mellon University

In February 2013, there were several major federal policy developments that could affect certain strategies and practices for cyber protection and resiliency of the nation’s critical infrastructure. These developments included: (1) the Presidential Executive Order titled “Improving Critical Infrastructure Cybersecurity,” (2) the Presidential Policy Directive (PPD-21) titled “Critical Infrastructure Security and Resilience,” and (3) the National Institute of Standards and Technology (NIST) initiating the development of an overarching framework for improving critical infrastructure cybersecurity and resiliency. This presentation is intended to provide a summary of these recent policy developments and discuss related subjects.

Advanced Session 2

A Holistic Approach to Convergence of Business Resiliency and Operational Risk

Intermediate/Advanced

Debra Zoppy, Guardian Life Ins.

Marc Sokol, Guardian Life Ins.

Business resiliency provides a high-level assessment of the risk and impact that a business may incur if it is unable to perform its operations or processes for a period of time, as well as the impact that loss of access to applications, third-party services, or other dependent areas could have on it. Operational risk takes a deeper dive into each of the processes performed by a business area and assesses the potential consequences that could occur. Learn how the convergence of these two risk assessment disciplines makes this a repeatable, value-added model.

Debra Zoppy is with corporate crisis and risk management services for The Guardian Life Insurance Company of America.

Marc S. Sokol, CISM, CHS-III, is corporate chief security officer and head of operational risk management for Guardian Life Insurance Company of America.

Information Session 2

Business Continuity Considerations for Business Process Offshoring

Intermediate/Advanced

Todd Litman, Fifth Third Bank

Learn about the various risks and benefits associated with offshoring business processes and the effect it may have on an organization and its business continuity management program. The presentation will also include a discussion of techniques to identify and mitigate risks associated with offshore processing. These techniques could be used to assist with managing and integrating with your new strategic partners.

The responsibilities of Todd Litman, CBCP, include the governance and integration of offshore strategic partners into the company’s BCM program.