A Non-Profit Organization Committed to:
◦ Promoting a base of common knowledge for the continuity management industry
Founded in 1988.
In 2009 DRII taught more classes outside the US than within the US.
Government Organizations
•Chaired the Alfred P. Sloan Committee that drafted the Framework for Preparedness that has been the foundation for the Title IX Implementation.
•Member U.S. Chamber of Commerce Homeland Security Task Force
•Member of the Council of Experts for ANSI-ANAB, which will set the credentialing standard for certifying bodies for PS-Prep
•Member of FEMA National Advisory Council Private Sector Subcommittee
•Member of Advisory Committee for Congressionally funded Project for National Security Reform
•Meeting with Special Assistant to The President for Homeland Security Standards Policy
Non-Government Organization
•Member of the NFPA 1600 Technical Committee
•Member of the BS25999 – ASIS Technical Committee
•Participant in the RIMS (Risk and Insurance Management Society) PERK (Professional Exchange of Risk Knowledge) Program
•Cooperative Education Credit Sharing with ISACA (Information Systems Audit and Control Association)
•Cooperative Education Credit Sharing with IC2
•Audit Course Development and Training for Auditors with NFPA (National Fire Protection Association)
•Developing Joint Program with Red Cross
Greater Marketplace Recognition
◦ Job Pre-Requisites
◦ Distinguishes Candidate
◦ HR Key Words
CBCP, ABCP
Financial Gain – certification is correlated with higher wages
Courtesy – BC Management – 2008 Survey
Employer Benefit –
◦ confirms for the employer that the employee has a high level of knowledge of standard industry practices and processes – AND CONTINUES TO MAINTAIN CURRENT KNOWLEDGE
What Are We Trying to Accomplish?
◦ PREPAREDNESS
Emergency Management
Disaster management
Business Continuity
Is this New?
◦ Regulations
◦ Standards
◦ Guidance
Recommendation: We endorse the American National Standards Institute’s recommended standard for private preparedness. We were encouraged by Secretary Tom Ridge’s praise of the standard, and urge the Department of Homeland Security to promote its adoption. We also encourage the insurance and credit-rating industries to look closely at a company’s compliance with the ANSI standard in assessing its insurability and creditworthiness. We believe that compliance with the standard should define the standard of care owed by a company to its employees and the public for legal purposes. Private-sector preparedness is not a luxury; it is a cost of doing business in the post-9/11 world.
Business Continuity Regulations and Standards
Post-9/11
A list of Recommended Standards Against Which a Company May Certify:
ASIS International SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems – Requirements with Guidance for Use (2009 Edition).
British Standards Institution 25999 (2007 Edition) - Business Continuity Management (BS 25999-1:2006 Code of practice for business continuity management and BS 25999-2:2007 Specification for business continuity management).
National Fire Protection Association 1600 - Standard on Disaster/Emergency Management and Business Continuity Programs, 2007 and 2010 editions.
ANSI-ANAB
In progress - ANSI
DHS
The DRI/NFPA course is proceeding toward ANSI-CAP accreditation.
Regulations
Created by Government/Industry Regulatory Bodies
Punitive
◦ Fines
◦ Shutdown
Subject to Annual (Operational/Financial) Audit
Audit Conducted by Third Party
Results are Board Issues
May Create Vendor Requirements
◦ FFIEC
◦ HIPAA
Standards
Voluntary
Non-Punitive
Auditable Through First, Second or Third Parties
State of Flux
◦ NFPA 1600 is the ANSI National Standard and is revised every 3 years
◦ ASIS/BS 25999 are currently in the early stages of seeking ANSI accreditation, not due until at least the end of 2009
◦ ISO 22399/PAS (Publicly Available Specification) – interim state
◦ New Australian Standard
◦ New Singapore Standard
A Certification by an Approved Certification Body
◦ No Endorsement by DHS/FEMA or Federal Government
A Distancing by DHS from the Process
Private Sector Certification Bodies
◦ Available Before PS-Prep
NFPA 1600
BS 25999
SS507 / SS540
Private Companies
No Get Out of Jail Free (Safe Harbor)
◦ SAFETY Act of 2002
No Reduction in Insurance Premiums
Does Not Exempt Regulatory Compliance
DHS Cannot Make It Mandatory – Only Legislative Action Can
◦ Highly Unlikely
◦ Consider Sarbanes-Oxley
Rewards
◦ May Satisfy Customer Inquiries
Supply Chain
RFPs
◦ Create Uniformity
Multi-Nationals
◦ Increase Preparedness
PS-Prep Raised Awareness of Need to Prepare
Risks
◦ Quality of Auditors
Proper Training
No Control
Precludes “Any organization that provides preparedness consulting services to private sector entities”
Potential Conflict
Financial – Operational Audit
Corporate Governance
Regulation
Expensive
Think Sarbanes-Oxley
Initial Expense
Annual or Biannual Review
REMEDIATION
Discoverable (Corrective Action Plan)
Focus on the Regs *
Broaden Your Viewpoint *
Keep Your Eyes on Transition *
Hold Off On (the Actual) Certification *
Walk Don’t Run *
Talk to Your General Counsel (DHS Does)
The Interstate Natural Gas Association of America (“INGAA”)
• Legal
International Center for Enterprise Preparedness
The Legal Working Group on the Voluntary Business Preparedness Accreditation and Certification Program