A13 – BCDR Software Implementation – Lessons Learned and Recommended Practices

Aaron Callaway and Chris Hamrick, Fairchild Resiliency Systems
Successful system implementations are a combination of art and science.  Even the best systems can lead to epic fails and non-acceptance.  Selecting a BCDR application to help automate your program is a significant decision, one that can determine short and long-term success.  A process-driven system implementation is key to driving BCDR transformation in organizations, an effort that can also be a rewarding process for your organization and your career.  This presentation will discuss many lessons learned from implementing hundreds of various of systems and offer some recommended practices to help ensure program success and digital adoption. 

A14 – Third Party / Vendor Risk Management.  
Virag Shah, Hitachi Vantara
Over the last three years at Hitachi Vantara, business continuity has developed a global vendor risk management program through very tight collaboration with our Data Privacy and Information Security teams and by working closely with the Indirect Procurement team. This session will share best practices on how we started, what challenges we faced (initially), how was the program implemented, our current challenges, along with key takeaways for attendees.

C18 – Hard-Won Wisdom of the Risk Assessment Warrior
Stephanie Corona, SAS
Does your risk assessment seem like a “check the box activity?” What is the real business value? How can you get the most (or more) out of this traditionally-viewed compliance activity for your BCM program and your organization? Attend this session where the presenter will share her top 10, first-hand insights gleaned from evolving the BCM risk assessment methodology. The discussion will focus on how changes to the risk assessment approach can:

• Cultivate a richer risk dialogue with key stakeholders
• Tie controls and other key considerations to identified gaps
• Leverage the risk assessment to inform other BCM program deliverables.

C19 – Leveraging Enterprise Architecture for Continuity Management
Jayne Greenway, Nationwide
As CM practitioners, we are constantly looking for better ways to decompose a Critical Business Process (CBP) and its underlying IT dependencies to better our recovery capabilities and be more prescriptive in our recommendations for closing recovery gaps. With every BIA comes new challenges and a “reset.” This session will include an overview of how Nationwide is leveraging an Enterprise Architecture tool (ABACUS) to document the composition of its CBPs – from the incremental business functions within the CBP to the IT assets that support them. This collaborative process includes Continuity Management, Architecture, IT and Business Consulting communities and lays the ground work for weaving the information into the IT Service Management (ITIL) fabric for ongoing maintenance and protecting what matters most to Nationwide.      

C20 – Don’t Be Afraid to Audit Your Business Continuity Program       
Harvey Betan, H Betan Inc
Many organizations are of the opinion that performing annual exercises, both Disaster Recovery (technology) and Business Continuity Plans (business functions, etc.) suffice to validate their readiness and recoverability. Some have found out that these exercises fall short for many reasons. An effective audit of the plans would go a long way to improve incident recoverability. This presentation will discuss exercises of all kinds and the shortcomings of each, including how to improve them via an audit. In the end the participants will have a better understanding of the importance of an audit and the manner to which it will improve their plans and readiness. 

E3 – The Future of Recovery
Ragula Baskhar, Stay in Business
This session discusses leveraging existing and emerging technologies as part of an organization’s future recovery strategy. The presenter will discuss strategies that leading companies will engage in over the next few years. The presentation will include topics like business continuity cloud, automation, chain-of-command, plan flexibility/adaptability, communication, resource allocation, and plan adoption.