Post on 21-Mar-2018
Prepared by BC Management
and the BC Management
International Benchmarking
Advisory Board
- 2012
International Business Continuity Program
Management Benchmarking Report
- An Exclusive Board Review
Trending in Business Continuity
Benchmarking. Plan Ahead. Be Ahead.
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 2
Table of Contents
Welcome 3
Summary of Data Findings 3-5
Trends of Interest within the Business Continuity Profession 6-26
Corporate Integration of Business Continuity
IT/ disaster recovery & business continuity strategies adequately supporting organizations 6
Disciplines managed within the business continuity program 7-8
Integration of program with other organizational disciplines 9-10
Status of current program 11-12
Budgeting
Budgeting of expenses within organization 13
Approximate annual budget for contingency related program expenses 13
Budget revisions 14
Personnel
Current dedicated personnel 14
Hiring initiatives for the next year 15
Reduction of full-time, permanently employed personnel in the next year 16
Primary reason behind a reduction in force in the next year 16
Organizational Reporting Structure
Reporting structure – department owner for business continuity 17
Is the business continuity program positioned for maximum visibility by department owner 18
Program Sponsor
Assessment by job title on who is totally engaged and sponsoring the program 19
Sponsor’s level of engagement if a chief officer level or above 20
Technology Recovery Solutions
Utilization of third-party hot site/ alternate site technology providers 21
Considering an internal recovery capability 22
Vendor Utilization
Utilization of software planning tools, automated notification tools and/or mobile recovery solutions
22
Reasons for Planning, Regulatory Requirements & Organizational Certification
Primary reasons for developing and maintaining a program – “Priority” or “High Priority” 23
Regulatory requirements and/or standards to model program after – “Priority” or “High Priority”
24
Achieved certification in an organizational standard 25
Organizational standard achieved certification in 26
Participant Data & Respondent Characteristics ~ An overview of international respondent characteristics. 26-31
Reporting History, Study Methodology, Assessment of Data & Reporting 32-33
Thank you to BC Management’s International Benchmarking Advisory Board 33-37
Thank you to our Sponsors and those Organizations who Distributed the Study and/or Report 37-40
About BC Management, Inc. & Where to Download Complimentary Business Continuity Management Compensation Reports
40
Customize a Report Exclusively for your Organization 41-42
This is a complimentary report that is exclusive only to those professionals who
contributed to BC Management’s 10th Annual Business Continuity Management
study. This report is not meant for general distribution. Any distribution of this
report or reference to any information enclosed within this report is prohibited
unless approved by BC Management, Inc.
We invite you to learn more about BC Management’s customized business
continuity benchmarking data assessments. Please contact a BC Management
associate at info@bcmanagement.com for details.
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 3
WELCOME
This report is a complementary service of BC Management, Inc. for members of the Business Continuity industry and related fields.
It is solely distributed to professionals who participated in the program management section of BC Management’s 10th
Annual
Business Continuity Management study (2011). The Board Summary that follows is an analysis of the results of our study by the BC
Management International Benchmarking Advisory Board. The report’s focus and relevant supporting data were selected by the
board to assist professionals in addressing some of their most pressing issues today. While this report provides a wealth of
information, it is not fully representative of the depth of data that our study collected. If your organization is in need of more
specific or customized data, BC Management offers a range of benchmarking services that can meet your needs. More detail on
these services is included at the end of this report. We hope you find this report useful in strengthening your program, and feel free
to submit any feedback on it to us.
SUMMARY
How to Read the Report
The Internat ional Business Continuity Program Ma nagement Benchmarking Report – An Exclusive Board
Review is designed to provide a summary of the wealth of data col lected from nearly 3000 respondents to BC
Management’s International Business Continuity Management survey as i t perta ins to trend analysis . This
report wi l l serve as a resource in assessing and understanding the direct ion of the business cont inuity
management profession .
Highlighted throughout this report are a var iety of business cont inuity program management init iat ives that
showed the most noteworthy changes between 2009 and 2011. This is the f irst report of i ts kind and BC
Management is able to offer such a report as a result of data analysis from three consecutive years of an
identical survey.
Findings Business Continuity Management Program Advancements
In assessing the data results between 2009 and 2011 we noticed the following business continuity management program
advancements that indicate a shift to an enterprise-wide resiliency focus with increased executive support and acknowledgement of
increased standards that will more than likely continue to evolve the profession in the future.
More respondents indicated that the business continuity program and/or the disaster recovery program is meeting the
organizational needs of the corporation.
Increase in the number of disciplines managed within the business continuity management program with crisis
management, emergency management and risk management showing the greatest increase.
Improved integration of the business continuity management program with other corporate functions with security-
information, information technology, emergency management, disaster recovery (IT focus) and crisis management showing
the greatest improvement.
Adding more full-time, permanent personnel dedicated to the program and a decrease in downsizing of personnel in the
next year.
The business continuity office showed the most significant gain of where to position the program when assessing the
department owner and organizational structure.
Risk management and the business continuity office received the highest approval ratings of where to position the program
from a department/ organizational structure review.
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 4
Increased awareness seems to be evident at the chief officer level as more respondents indicated a shift in program
sponsor from mid management/ management to the chief officer level/ board committee.
The chief level program sponsors are stepping up their level of engagement with the business continuity management
program.
More respondents noted several standards/ regulations to model their business continuity program after as a high priority.
Advancement of organizational certifications as more respondents noted to obtaining multiple organizational certifications.
Business Continuity Management Program Deteriorations
Our study pointed to a few disappointing data points that center on budgeting of the business continuity management program. We
can assess that this is more than likely due to the deep recession, especially since this trend analysis is between the timeframe of
2009 to 2011. Corporations around the world are understandably cost conscious, thus the following data findings were not
surprising.
A shift was indicated as to how business continuity is being budgeted within corporations from being allocated
independently to having no defined budget.
Severe cuts in business continuity management program budgets were noted between 2009 and 2011.
The most significant budget decrease was for those respondents who tied their business continuity management budget to
other corporate departments.
Other Business Continuity Management Program Notable Trends
Our data analysis indicated other noteworthy business continuity management trends. These trends could be viewed as having a
positive, negative or neutral impact to the future of the business continuity management profession.
The 2011 study showed that more respondents indicated no change to the business continuity management program
budget in the next year.
There was a significant decrease in the number of part-time dedicated personnel to the business continuity management
program while full-time dedicated personnel showed consistency.
Those corporations who are downsizing the dedicated business continuity personnel indicated increased drivers between
2009 and 2011 to be a change in priorities, reduction in scope of work and transfer of functions. The most significant
drivers in 2009 (financial pressures and organizational restructuring) did diminish substantially, although the data results
still indicated these factors as considerable.
Increase of respondents who noted a mix recovery solution between a third party hot site/ alternate site vendor and
internal recovery solution as well as an increase of respondents who noted an internal solution at an alternate site. At the
same time, those respondents who noted an exclusive use of a third party hot site/ alternate site vendor for their recovery
solution declined.
Slight increase in utilization of software and notification provider tools between 2009 and 2011.
More respondents noted the following as a high priority for reasons to develop and maintain a business continuity
management program.
o Ensure safety of employees
o Be compliant with good corporate governance
o Response to audit results/recommendations
o History of business interruptions
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 5
Using the Data How Can this Report Benefit Your Program and Your Organization?
What is the take away?
This report is a compilation of all the data provided in the 2009, 2010 and 2011 studies. Our summary is a broad analysis of a
segment of the data offering an illustration of how the business continuity profession is viewed and what we can learn from these
study results. This is simply a baseline of the trends in our industry. Our hope is that you can use it as a starting point, if not a guide
as you work towards gaining executive support and establishing metrics to better measure the effectiveness of your program. The
report can be leveraged to provide you with facts to present to your executive management to help justify continued emphasis in
key areas of your business continuity program. But don’t forget, as professionals in this industry, the report also offers insight into
career development opportunities that you should use to identify areas to further develop your own skills.
As you continue on your journey consider benchmarking your organization against your peers. Enclosed you will find a great deal of
data, though it is impossible to display everything, which is why the customized reporting by organization will be essential if an
organization wants to obtain a clear understanding of other “similar” organizations. A feature of the customized reports is providing
a detailed analysis specific to your industry which not only allows you to benchmark your own program against very mature
programs specific to your demographics, but also is an opportunity to create a roadmap for your program based on effective peer-
based models and supporting data.
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 6
0%
10%
20%
30%
40%
50%
60%
2009 2010 2011
IT/DR Strategies Meet Organizational Needs
No
Yes
0%
10%
20%
30%
40%
50%
60%
70%
2009 2010 2011
BC Strategies Meet Organizational Needs
No
Yes
7% Increase from
2009 to 2011.
6% Increase from
2009 to 2011.
Corporate Integration of Business Continuity
Study Question - To your knowledge, do you feel your current IT/Disaster Recovery and Business
Continuity strategies adequately support the needs of your organization? (An assessment of all
study respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 7
BC Management’s study inquired on how many and which disciplines are managed within the business continuity
management program. The purpose of this question is to assess how business continuity is managed within
organizations, meaning which disciplines are commonly paired within a business continuity/ disaster recovery
management program and how many functions is a business continuity/ disaster recovery manager commonly
overseeing.
0%
10%
20%
30%
40%
50%
60%
70%
1 2 3 4 5+
Number of Disciplines in the Program
2009
2010
2011
18% Increase
It is not surprising we are seeing an 18% increase in the number of disciplines associated with BCM programs as
BCM is increasingly being managed as part of broader Enterprise and Operational Risk Management initiatives,
given its rising importance. Along with this comes greater regulation, more demands for internal and external
audits and closer working relationships with other critical functions as is evidenced in the graphic below.
- Thomas Wagner
Study Question – Please specify all the disciplines that you personally manage within your
program. Select all that apply. (An assessment of study respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 8
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Other
Security - Physical
Security - Information
Risk Management - Operational
Risk Management - Insurance
Risk Management - Enterprise
Records Management
Pandemic Planning
Information Technology
Health & Safety - Environmental
Health & Safety - Occupational
Facilities Management
Emergency Management
Disaster Recovery Process (IT Focus)
Crisis Management
Compliance
Business Continuity Process (Business Focus)
Audit
Discplines Managed in the Program
2011
2010
2009
7% Increase
8% Increase
8% Increase
2% Decrease
4% Decrease
Question not included
in the 2009 BCM Study.
In addition, given the significant rise in the number of major events over the past ten years due to
terrorism and natural disasters we are definitely seeing much closer integration with Crisis and
Emergency Management as strategies, plans and protocols must be tightly coordinated with Business
Continuity and Disaster Recovery efforts accounting for the 7% increase shown above.
This decrease in IT as a managed discipline can partially be explained by the maturation of ITIL Service
Continuity programs in large companies whereby IT is taking on more BCM-like responsibilities for
applications and infrastructure. We are also seeing a large migration of applications, infrastructure and
DR services to “cloud” vendors who are typically managed by the IT organization.
The decrease in Pandemic Planning is not too surprising. In many firms, Pandemic Planning was
managed by business-led committees with BCM playing a supporting role since the many legal, human
resource and medical dimensions that must be handled. This could be a continuation of the overall
trend whereby as the overall importance of BCM is increasing at an enterprise level, the business are
beginning to step-up and take on many of the challenges and responsibilities for keeping the enterprise
up and running.
- Thomas Wagner
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 9
The two data graphs below highlight the percent of respondents who indicated “No Integration” and “Completely
Integrated” in 2009, 2010 and 2011 for the disciplines noted. Several categories were not included in the 2009 BCM
Study (Business Unit Participation, Change Management, Executive Protection, Media Crisis Management, Pandemic
Planning, Privacy, Senior Management Participation/ Sponsorship and Strategic Plan/ Corporate Mission Statement). In
reviewing the results from the previous three previous studies, we discovered that the following disciplines showed
improvement: Security- Information, Information Technology, Emergency Management, Disaster Recovery (IT Focus)
and Crisis Management.
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Strategic Plan/ Corprate Mission Statement
Senior Management Participation/ Sponsorship
Security - Physical
Security - Information
Risk Management - Operational
Risk Management - Insurance
Risk Management - Enterprise
Records Management
Privacy
Pandemic Planning
Media Crisis Management
Information Technology
Health & Safety - Occupational
Health & Safety - Environmental
Facilities Management
Executive Protection
Emergency Management
Disaster Recovery (IT Focus)
Crisis Management
Compliance
Change Management
Business Unit Participation
Audit
Disciplines - No Integration with Program
2009
2010
2011
4% Improvement from 2009
10% Improvement from 2009
4% Improvement from 2009
11% Improvement from 2009
6% Improvement from 2009
Study Question - How well integrated are the following within your organizational program?
Please rate on a scale of 1 to 5 with 1 meaning NO INTEGRATION and 5 meaning COMPLETELY
INTEGRATED. (An assessment of all study respondents.) *All related enterprise discipl ines are l isted within the study to accommodate a variety of discipline expertise .
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 10
0% 20% 40% 60% 80% 100% 120%
Strategic Plan/ Corprate Mission Statement
Senior Management Participation/ Sponsorship
Security - Physical
Security - Information
Risk Management - Operational
Risk Management - Insurance
Risk Management - Enterprise
Records Management
Privacy
Pandemic Planning
Media Crisis Management
Information Technology
Health & Safety - Occupational
Health & Safety - Environmental
Facilities Management
Executive Protection
Emergency Management
Disaster Recovery (IT Focus)
Crisis Management
Compliance
Change Management
Business Unit Participation
Audit
Disciplines - Completely Integrated with Program
2009
2010
2011
15% Improvement from 2009
18% Improvement
from 2009
11% Improvement from 2009
16% Improvement
from 2009
There has been a relentless need, for BCM Program sponsors & stakeholders, to realize the value-addition BCM
program brings along, provided, given the right mix of recognition. On a positive note, we are beginning to see
convergence of disciplines, which indeed, has increased significance, effectiveness and efficiency of BCM to the
organization and elevated it to its justified position. Above data graphs noticeably highlight the fact that BCM Program
excels when all its related disciplines and functions are well integrated as an enterprise-wide resiliency initiative.
Bridging proactive and reactive zones are always rewarding as we can see below that while disciplines being
integrated, there is 15% improvement in Crisis Management compared to 2009 and there is also a substantial increase
in Emergency Management, which demonstrates BCM as an enterprise-wide domain and not just a discipline focused
on survivability of the organization. As we can see in the above data graphs, there seems a tremendous improvement
in DR (IT focus) as this not only exemplifies the maturity in IT discipline but also highlights a steady and well-
coordinated relationship between IT and BCM, which at times, poses the biggest challenge.
It is indeed promising to see that BCM discipline has started to make a paradigm shift from ‘continuity’ to ‘resiliency’
notion.
- Sohail Khimani, CBCP, MBCI
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 11
The table below indicates all study respondents and their current status of the continuity program, regardless of
program maturity or how long the program has been in existence.
In a review of the responses for overall status of the program, variances were minimal in both a positive and
negative direction. This is not surprising with the business climate over the past few years. From a positive view, it
is significant that during the financially stressed business environment, programs have successfully managed to
sustain, or minimally decrease their business continuity program. The largest change was a growth by 7% (since
2009) in those organizations implementing a corporate-wide BC program. One could read into the results that
simple point solutions are now being replaced by corporate-wide for on Business Continuity.
A few categories did indicate a step backward in planning, such as the following: A full functioning
executive/leadership transition is in place (-3%), A full functioning pandemic preparedness policy is in place (-2%),
Maintain an exercise schedule in order to identify new potential vulnerabilities or weaknesses in the current BCM
program (-1%), Maintain an assessment and audit schedule of the BCM program to ensure the program is up to
date and complete (-2%), Implemented an awareness and training program to promote and educate the entire
organization on the BCM program (-3%) and Policies and procedures are in place to interact and coordinate with
external agencies in times of a disaster (-3%). These are small variances and therefore may not indicate a trend.
- Ann Pickren
While trying to engineer justifications to get senior management support, business continuity discipline was used to
be considered as a ‘back-burner’ for years. This was changed prior to financial meltdown where much focus and
resources were dedicated to business continuity discipline. However, currently, in the time of financial distress,
companies are scrutinizing their spending cautiously. While the significance and criticality of having an enterprise-
wide business continuity process has been acknowledged, managers now seem reluctant to commit resources and
it seems like business continuity discipline has been put into intensive care.
This is evident from the data graph below, where majority of data points indicates no significant improvement in
the program status whereas in few categories, we can see a negative impact in areas such as, exercising plans (-1%)
and BCM training investments (-3%), which are critical towards the success of BCM efforts.
Given the global statistics, the need for a solid BCM Program is evident and imperative. However, with the
pressures on managers due to austerity and cost conservatism, it can be difficult to convince management that
reinforcement of BCM is prudent, at the time, when global recession is treating companies very harshly.
- Sohail Khimani, CBCP, MBCI
Study Question - Please choose all that apply to describe your organization’s current continuity program status under your direction and management. Please check all that apply. (An assessment of all study respondents.) * “% of Resp” column will exceed 10 0% due to multiple selections.
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 12
0% 50% 100% 150% 200% 250%
A full functioning executive/leadership transition is in place.
Currently implementing an executive/leadership transition plan.
Currently developing an executive/leadership transition plan.
A full functioning pandemic preparedness policy is in place.
Currently implementing a pandemic preparedness policy.
Currently developing a pandemic preparedness policy.
Maintain an exercise schedule in order to identify new potential vulnerabilities or weaknesses in the current BCM program. Analyze findings to elevate the program.
Maintain an assessment and audit schedule of the BCM program to ensure the program is up to date and complete.
Implemented an awareness and training program to promote and educate the entire organization on the BCM program.
Implemented a full functioning, corporate wide BCM program that meets the organization’s contingency, resiliency, risk management, emergency management
and crisis management needs.
Incorporated a full enterprise risk management program with controls in place to avoid or mitigate potential risks.
Currently conducting an enterprise risk assessment for the board and/ or senior management.
Considering conducting an enterprise risk assessment for the board and/ or senior management.
A Crisis Communications program is in place.
A Crisis Management process and plan is in place.
Policies and procedures are in place to interact and coordinate with external agencies in times of a disaster.
A full functioning Emergency Operations Center is in place.
Currently implementing an Emergency Operations Center.
Currently assessing an Emergency Operations Center.
Currently developing and implementing BC and/or IT DR plans that meet the needs of the organization.
Currently conducting BIA or risk assessments.
Currently obtaining or have management support and formulating the BCM program framework to include contingency strategies, resiliency needs, recovery objectives,
operational and enterprise risk management and crisis management plans.
Some departments/divisions have business continuity plans.
There are contingency plans in place for IT DR functions only.
Off-site data recovery only.
There are no business continuity and/or IT disaster recovery plans in place.
Status of Program
2009
2010
2011
7% Improvement
from 2009
4% Improvement
from 2009
4% Improvement
from 2010
Questions not included in the
2009 BCM Study.
4% Improvement
from 2009
5% Improvement
from 2009
4% Improvement
from 2009
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 13
0%
10%
20%
30%
40%
50%
60%
Program Expenses Allocated
Independently
Program Expenses Allocated to Other
Departments
No Defined Budget
Budgeting of Program Expenses
2009
2010
2011
$0
$1,000,000
$2,000,000
$3,000,000
$4,000,000
$5,000,000
$6,000,000
$7,000,000
Program Expenses Allocated
Independently
Program Expenses Allocated to Other
Departments
No Defined Budget
2009 $2,233,235 $5,527,214 $756,463
2010 $2,277,273 $6,670,751 $955,137
2011 $1,515,813 $2,528,585 $805,521
Average Expenditures by Budgeting of Program
8% Decrease from 2009
While it seems logical to blame the struggling economy on the decrease of expenses allocated independently and an
increase in no defined budgets, other important factors likely influence these trends. These factors are also critical in
defining how money will be spent in the near future.
During the above time period, there has been a shift of pushing technology and service solutions to fulfillment by external
third parties. With this shift, it is up to the third party to package the solution with recovery costs built in, which lessens
the budget necessity and dollars needed for an organization’s internal BC Program. However, organizations are quickly
realizing that they cannot contract out the risk to third parties. Regulations such as TB-82A are requiring organizations to
increase their oversight of critical third party BC compliance, which may result in an increase of budgets defined to
manage these new controls that need to be managed by an organization’s BC program.
- Philip Bigge
Budgeting
Describe how continuity program expenses are budgeted under your direction and management?
(An assessment of all study respondents.)
Study Question – What is your company’s approximate annual budget for contingency related
program expenses? (An assessment of all study respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 14
0%
10%
20%
30%
40%
50%
60%
70%
Increase Decrease Unchanged Not Sure
Budget Revisions for the Next Year
2009
2010
2011
0
10
20
30
40
50
60
Full-time Staff Part-time Staff
Dedicated Personnel to Program
2009
2010
2011
Data figure above indicates that more respondents are indicating no changes in the program budget versus decreasing
the budget. This would seem to indicate that those corporations that are cutting budgets are doing so drastically since
the budgets decreased in the previous graph.
Study Question - Please specify budget revisions for the next year for each budget line item –
Increase, Decrease, Unchanged, or Not Sure. (An assessment of all study respondents.)
Personnel
Study Question - Please indicate how many full -time employees (FTE) and/ or part-time
employees (PTE) you have dedicated to your continuity program? Please confirm that the
number below is the total FTE and PTE headcount for all locations und er your direction and
management. (Auto-sum function built into study.) (An assessment of all study respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 15
0
0.5
1
1.5
2
2.5
3
3.5
4
4.5
Full-time Staff Part-time Staff
Hiring Dedicated Personnel to Program
2009
2010
2011
Given the earlier findings on the increase in the number of disciplines associated with BCM and closer integration of these
disciplines towards an enterprise-wide resiliency focus, it is not surprising to see an increase in the number of dedicate
personnel to continuity programs with a corresponding reduction to part-time personnel. This is a significant testament
that organizations are seeing value in BCM and recognizing the fact that the function is important enough to warrant
dedicated resources in order that it received the attention it deserves.
- Kenny Seow, CBCP
The finding indicates that the trend of dedicating resources to BCM is set to continue, giving credence that the increase
in the number of dedicated full-time personnel to BCM from the previous graph may not be a one-off phenomenon.
This is perhaps one reflection of the increasing maturity of BCM in organizations and organizations are planning for
growth in this area.
- Kenny Seow, CBCP
Study Question -How many full-time employees (FTE) and/ or part-time employees (PTE)
dedicated to the continuity program you plan to hire in the next year? Please confirm that the
number below is the total number of proposed new personnel for all locations under your
direction and management. (Auto-sum function built into study.) (An assessment of all study
respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 16
0%
10%
20%
30%
40%
50%
60%
70%
80%
Not Sure
None 1 2 3 4 5 6-10
2009 31% 63% 3% 1% 1% 0% 0% 0%
2010 20% 77% 3% 0% 0% 0% 0% 0%
2011 20% 79% 1% 0% 0% 0% 0% 0%
Reduction of Full-time Dedicated Staff
2009
2010
2011
0%
10%
20%
30%
40%
50%
60%
70%
80%
Reason for Reduction in Dedicated Program Personnel
2009
2010
2011
Study Question - Will you be reducing your full -time dedicated continuity program staff in the
next year under your direction and management? (An assessment of all study respondents.)
Study Question - If yes, what are the reasons for reducing your dedicated contin uity program
staff in the next year? Please select all that apply. (An assessment of all study respondents.) * Total percent may exceed 100% due to multiple selections .
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 17
0%
5%
10%
15%
20%
25%
30%
Reporting Structure - Department Owner
2009
2010
2011
The reporting structure of a Business Continuity Management group can often define the direction and success of the
overall program. It is therefore important when establishing a program to carefully understand the unique business
activities of an organization and appropriately define the reporting structure. Information Technology (IT) continues to
command the largest percentage of reporting structure for organizations. However this may hinder the success of the
overall program since IT is a support function and Business Continuity Management is a business driven program. From
the 2009 to 2011 time period, the Business Continuity Office experienced a 6% increase (representing the largest
percentage change in any 2-year comparison). This may be the result of an organization moving up the maturity model
and understanding the significant role of Business Continuity Management in the overall Enterprise Risk Management
(ERM) program.
- Jerome P. Ryan, CBCP
Organizational Reporting Structure
Study Question - Which department best describes the reporting structure of your program
under your direction and management? Please select the best response from the following
departments. (An assessment of all study respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 18
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
Disagree Agree Disagree Agree Disagree Agree
2009 2010 2011
Positioning of Program for Maximum Visibility
Business Continuity Office
Corporate Offices
Information Technology
Operations
Risk Management
Security- Information
The change is negligible. The consensus shows that BCM should report up through RM, which is where “leading
practices” indicate it should be. Bottom line: BCM is a function/component of ERM, thus, the placement within RM
makes the most sense given its (RM and ERM) strategic and functionally independent (similar to Internal Audit)
role/visibility within an organization. Using this rationale, it does not surprise me that the other responses have
waned/decreased over the years.
- Jeff Dato, MBCP
Study Question – Under the current department ownership, do you agree that the continuity
program is best situated within your organization for maximum visibility? Selection choices
include strongly disagree, disagree, neutral, agree and strongly agree. (An assessment of all
study respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 19
0%
2%
4%
6%
8%
10%
12%
14%
16%
18%
20%
Program Sponsor
2009
2010
2011
I believe this shift in oversight is directly attributed to recent high-visibility events that have rocked/slayed numerous
global organizations. With the S&P mandating ERM from creditworthiness standpoint, BODs are taking ERM/BCM
more seriously than ever. The increase of Risk Committees is on the upswing, pushing oversight into the BOD suite.
- Jeff Dato, MBCP
Program Sponsorship
Study Question - Please specify by job title who is totally engaged and sponsoring the continuity
program functions. Please select the best response. (An assessment of all study respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 20
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
Not Involved Involved Not Involved Involved Not Involved Involved
2009 2010 2011
How Engaged is Sponsor
Board/ Executive Committee
CEO - Chief Executive Officer
CIO/CTO - Chief Information Officer
CFO - Chief Financial Officer
COO - Chief Operating Officer
CRO - Chief Risk Officer
Tying back to the last two charts, this is not surprising. The increase in executive oversight is tied directly the
aforementioned high profile/trigger events – data breaches (IT), increased regulatory and shareholder scrutiny
(Board/CEO), economic decline/lower profitability (CFO), intensified interest in ERM following predatory lending
and increased natural disasters/events (CRO), etc. BCM has become “accepted” as a part of doing business – not
a luxury.
- Jeff Dato, MBCP
Study Question - If the program is being sponsored by a Chief Officer or above, is this person
really engaged in your opinion? Rate on a scale of 1 to 5 with 1 meaning Very Little Involvement
and 5 meaning Very Involve. (An assessment of all study respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 21
0%
5%
10%
15%
20%
25%
30%
Yes, exclusively at
vendor
Yes, mixed between multiple
vendors
Yes, mixed between
vendor and
internal recovery
No, internal solution at
primary site
No, internal solution at
alternate site
No, currently considering
recovery
solution
No recovery solution in
place
Doesn't apply to program I
manage
Contract with a Third-Party Hot Site/ Alternate Site Provider
2009
2010
2011
Over the past decade we’ve seen a continued decrease of alternate site contract with third party vendors. As our study
shows, this trend has continued over the last three years showing decrease of 4% from 2009 to 2011. Some key
underlying reasons for this trend include:
a) More stringent continuity requirements for heavily regulated industries (i.e. banking, healthcare, and energy)
prompted organizations bring solutions in-house.
b) As requirement became more stringent, some third party solutions turned out to be to cost prohibitive.
c) Improved technologies (such as virtualization) facilitate deployment of dedicated, internal solutions,
traditionally dependent on third party sites.
On the other hand, as organization bring BC/DR solutions for their most business critical functions/systems in-house;
they are also expanding the scope of these capabilities to the next levels of criticality. Additionally, market forces such as
globalization and tight, interconnected supply chains have raised the need for BC/DR capabilities in industries such as
retail and manufacturing. All of these factors contribute to an increase in solution that require a combination of internal
and vendor solutions. As shown in the graph this combined solution architecture grew by 3% between 2009 and 2011.
- Alberto Jimenez, CBCP,PMP
Technology Recovery Solutions
Study Question - Do you contract with a third-party hot site/ alternate site technology
recovery vendor under your direction and management? (An assessment of all study
respondents.)
.
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 22
0%
10%
20%
30%
40%
50%
60%
70%
2009 2010 2011
Considering Internal Recovery Capability
Yes
No
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
Yes No Yes No Yes No
2009 2010 2011
Software 46% 54% 56% 44% 50% 50%
Notification Alerts 60% 40% 71% 29% 69% 31%
Mobile Recovery 24% 76% 19% 81% 21% 79%
Utilization of Vendors
As organizations require more sophisticated solutions, they are also looking for better tools to support the development
and continuous improvement of these capabilities. We can see this trend in the graph which shows an increase in software
utilization (4%) and notification alerts (9%) between 2009 and 2011. Conversely, we can also see a decrease in the use of
Mobile Recovery (-3%), as this type of solutions is generally seen as less sophisticated and difficult to test.
- Alberto Jimenez, CBCP, PMP
Vendor Utilization
Do you utilize software planning tools , automated emergency notification tools, or mobile
recovery solutions to assist with your Business Continuity Management program initiatives under
your direction and management? (An assessment of all study respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 23
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
History of business interruption(s)
Minimize future impact
Protect stakeholders
Comply with regulations or laws
In response to audit results/recommendations
Good business sense
Right thing to do
Customer requirement
Contractual agreements/service-level agreements
Insurance policy recommendation
Organization wants to be globally competitive and must comply with international standards.
Organization wants to be perceived to be compliant with good Corporate Governance.
Organization wants to ensure safety of their employees.
Organization wants to protect and increase its economic value.
Protection of reputation and brand of organization.
Reasons for Developing and Maintaining a Program - Percent of Respondents Indicating "Priority" or "High Priority"
2011
2009
Reasons for Planning, Regulatory Requirements & Organizational Certification
Study Question - Please rate the following primary reasons for developing & maintaining a
program on a scale from 1 to 5 with 1 meaning LOW PRIORITY and 5 meaning HIGH PRIORITY.
(An assessment of all study respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 24
0%
10%
20%
30%
40%
50%
60%What Regulatory Requirement and/or Standard is the Program Modeled After -Percent of Respondents Indicating "Priority" or "High Priority"
2009 2011
In the period under consideration, ie between 2009-2011, the top 5 regulatory organizations have are: DRI
International Professional Practices, NFPA 1600, Sarbanes Oxley, BS 25999 Part 2, Business Continuity
Management Systems. During this period the highest growth (increase) was witnessed by BS25999 Part 2 –
Business Continuity Management Systems (12%) and HIPPA (10%). SEC (-9%) and OSHA (-6%) recorded the
biggest decline during this period.
Unfortunately, there is no annotation or indication that gives an indication or explanation as to the increase in
and decline in some of the institutional organizations.
- Gideon For-mukwai, CBCP, CEM
Study Question - What regulatory requirement and/ or standard do you model your Business
Continuity Management program after. Rate on a scale of 1 to 5 with 1 meaning LOW PRIORITY
and 5 meaning HIGH PRIORITY. Please include Not Applicable (N/A) if the regulatory
requirement and/or standard do not app ly to your organization. (An assessment of all study
respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 25
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
2009 2010 2011
Certified in a Standard
Yes
No
There wasn’t a significant increase in percent of respondents noting obtaining a certification in a standard
between 2009 and 2011 (noted in the graph above). One would assume that the corporations that are
obtaining certification in a standard are obtaining multiple certifications since the graph below notes an
increase in percent of respondents for several of the certifications. Several of the standards below were not
added to the study until 2010, regardless, many of these noted a significant increase between 2010 and
2011.
This general increase includes standards that are more or less related to BCM. This is probably due to the
increase of integration or management of other disciplines within the BCM program, as displayed in the
previous pages of this report. Of these standards we note a very significant increase for ISO 27001 and
SAS70 since 2009 probably because more and more organisations feel the pressure from their customers
who want to be reassured that good controls are in place.
With the coming of ISO 22301 in 2012, many countries will adopt this standard as their national standard
for BCM. In the coming years, it will be interesting to see how organisations will turn to this international
standard for certification and how it will replace some of the existing standards that are less international or
less of a BCM nature.
- Denis Goulet, CBCP, MBCI
Study Question - Has your organization achieved certif ication in a standard? (An assessment of
all study respondents.)
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 26
0%
10%
20%
30%
40%
50%
60%
Standard Achieved Certification In
2009
2010
2011
3,152 study participants from over 50 countries as of December 15, 2011. Incomplete/ partial study responses were included as
appropriate within the report. Study was divided into 2 sections.
Business Continuity Compensation – 1,783 professionals participated in the compensation section from 59 countries. Incomplete study responses were included within this report along with the completed responses.
Business Continuity Program Management – 904 professionals participated in the program management section from 37 countries. Incomplete study responses were included within this report along with the completed responses.
Complete responses were received from the following countries: Australia, Belgium, Brazil, Canada, Cayman Islands, China,
Colombia, Denmark, Egypt, France, Germany, Honduras, India, Ireland, Italy, Japan, Kuwait, Malaysia, Malta, Mexico, Netherlands,
New Zealand, Norway, Pakistan, Philippines, Portugal, Qatar, Saudi Arabia, Singapore, South Africa, Sweden, Switzerland, United
Arab Emirates, United Kingdom, United States of America and Venezuela.
International Respondent Characteristics = 3,152 Study Respondents
Company Revenues span from non-profit/ government to over $400 Billion USD.
Study respondents span over 45 industries.
Average Number of Company Locations (Corporate/ Operational) = 16-25 Company Locations span from 0-5 Locations to more than 10,000.
Average Number of Company Locations (Retail/ Customer Interfacing) = 26-50 Company Locations span from 0-5 Locations to more than 10,000.
Average Number of Employees = 5,000 – 10,000 Company Employees span from 0-5 to more than 400,000.
Majority of respondents (61%) managed 5+ disciplines within their program.
Study Question - If yes, please select which standard(s) your organization has achieved
certification. Please select all that apply. (An assessment of all study respondents.) - Total percent may exceed 100% due to multiple selections.
International Participant Data & Respondent Characteristics
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 27
Less than $10M, 17%
$10 - $50M, 7%
$50 - $100M, 3%
$100 - $500M, 10%
$500M - $1B, 8%$1 - $10B, 26%
$10 - $20B, 6%
$20 - $50B, 4%
Over $50B, 18%
Revenue in USD
International Participant Data & Respondent Characteristics Continued
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 28
International Participant Data & Respondent Characteristics Continued
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 29
International Participant Data & Respondent Characteristics Continued
Those respondents who noted “Do not
manage a program” were exited from
study.
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 30
International Participant Data & Respondent Characteristics Continued
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 31
6%
15%
40%
28%
12%
Program Maturity - Self Rating
Very Immature
Immature
Average
Mature
Very Mature
International Participant Data & Respondent Characteristics Continued
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 32
Since 2001 BC Management, Inc. has been gathering data on business continuity management programs and compensations to
provide professionals with the information they need to elevate their programs. Each year our organization strives to improve upon
the study questions, distribution of the study, and the reporting of the data collected. Below is a timeline detailing BC
Management’s eight years of business continuity reporting expertise.
* The advisory board is composed of 21 international thought leaders coming from the United States of America, Canada, Latin America, the United
Kingdom, Singapore, Australia, China, Japan, India, Middle East, Eastern Europe and Africa. Our board is comprised of professionals in not only business
continuity, but also risk management, emergency management, high availability and environmental health and safety.
The on-line study was developed by the BC Management team in conjunction with the BC Management International Benchmarking
Advisory Board. WorldAPP Key Survey, an independent company from BC Management, maintains the study and assesses the data
collected. The study was launched in May of 2011 and the study remained open through December 2011. Participants were
notified of the study primarily through e-newsletters and notifications from BC Management and from many other industry
organizations. A listing of participating organizations is included within this report. The study has been translated in five languages
and it accommodates professionals who are permanently employed on a full-time or part-time basis, self-employed as an
independent contractor or unemployed. Respondents receive a unique path of branching questions, which is dependent upon their
experience and employment status. The study is coded with extensive logic to ensure a correct question branching path and to
eliminate unintelligible data. It is comprised of two sections spanning over 100 questions. The first section focuses on the factors
that impact compensations within the business continuity and related professions. The second section focuses on business
continuity program management initiatives, which includes budgets, dedicated personnel, organizational reporting structure,
maturity of the program, exercises, auditing, vendor utilization, program activation during an event and much more. Respondents
to the study have the option to complete one or both sections. Only those respondents who manage a program within business
continuity or a related discipline qualify to complete the program management portion of the study. All participants are given the
option of keeping their identity confidential.
Reporting History
Study Methodology
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 33
BC Management is continuously reviewing and verifying the data points received in the study. Data points in question are confirmed
by contacting the respondent that completed that study. If the respondent did not include their contact information, than their
response to the study may be removed. With our eight years of expertise in collecting and assessing such data points, BC
Management has an exceptional understanding of what is considered questionable or unintelligible data. To date BC Management
has contacted over 200 professionals to confirm their individual study response. We then have the ability to log into the
respondent’s study and update their answers on their behalf to ensure valid data points.
WorldAPP Key Survey built a customized reporting tool for BC Management, which enables us to quickly assess data and prepare
reports. We have the ability to prepare reports with no data filtering or analyze the data in applying any combination of fi lters from
any of the study questions. Data findings in many of the figures were rounded to whole numbers, thus the total percent may not
equal 100%.
BC Management’s International Benchmarking Advisory Board was instrumental in reviewing the study to ensure it focused on the
topics that are of the greatest interest to continuity professionals today. The goal was to develop a credible reporting tool that
would add value to the business continuity profession.
BC Management’s International Benchmarking Advisory Board Clyde Berger, CBCP (USA Focus) - President, Imagine Continuity Enterprises Inc. (A Resiliency Management Consulting Company).
Director, Worldwide Business Continuity Management, Pfizer Inc. Global Business Continuity Program Director at Avaya Inc.
Business Continuity and IT Disaster Recovery Consultant. Americas Regional Director of BCP at Credit Suisse First Boston and
Deutsche Bank. Global Vice President of BCP & IT DR at Salomon Smith Barney / Citigroup. BCP Lead Program Manager at Chemical
Bank (prior to JP Morgan Chase mergers). Certified as a Business Continuity Professional in 1993 with the Disaster Recovery Institute
International (DRII). Currently active member in DRII, Contingency Planning Exchange of NYC, Association of Contingency Planners
NYC Chapter, member Worldwide Benchmark Study Group – BC Management. Frequent business continuity conference speaker:
Continuity Insights, Strohl User Group, Disaster Recovery Journal, Association of Contingency Planners.
Philip Bigge (USA Focus) – Philip Bigge is the Vice President for Business Continuity at OneWest Bank, FSB. Philip joined OneWest
Bank in May 2009, continuing his thirteen consecutive years as a leader of international business continuity programs. In his current
role, Philip is responsible for leading business continuity, crisis management, technology recovery, and safety at OneWest Bank. He
has spoken at numerous industry conferences demonstrating how companies can improve their business continuity practices while
decreasing cost to accomplish their goals. Philip holds a Bachelor’s degree from West Chester University of Pennsylvania and is a
Certified Business Continuity Planner (CBCP) from the Disaster Recovery Institute, International.
Linda Klug, MBCP (USA Focus) - Linda Cerni Klug, MBCP, has been in the disaster planning, response and recovery industry for 20
years. Her former employers include the American Red Cross, FEMA, and the United Nations, as well as EMC, Symantec, VERITAS,
and Comdisco. She has developed, implemented, and validated Disaster Recovery and Business Continuity programs for IT
environments, enterprises, and governments. Linda has supported several Fortune 500 clients including United Airlines, Nike,
Microsoft, Northwest Airlines, Charles Schwab, Wells Fargo, and Fidelity Investments.
Jeff Dato, MBCP (USA Focus) - Jeffrey M. Dato has been Vice President of Risk Management and Corporate Real Estate for Pinnacle
Airlines Corp. since January 2010. He is responsible for Enterprise Risk Management, Business Continuity and Emergency Response,
Dangerous Goods, Environmental Protection, Occupational Health and Safety, Workers Compensation, Records Management,
Corporate Real Estate, Physical Security, and Corporate Sustainability for the holding company and its operating subsidiaries Colgan
Air, Inc. Mesaba Aviation, Inc., and Pinnacle Airlines, Inc. Previously at Pinnacle Airlines, Jeff served as Vice President of Risk
Assessment of Data & Reporting
Thank you to BC Management’s International Benchmarking Advisory Board
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 34
Management and Information Technology from November 2006 to December 2009. Prior to joining Pinnacle, Jeff lead advisory
practices for several Big 4 accounting firms where he consulted over 100 domestic and international companies and governments
across a dozen industries in managing and monitoring financial, operational and technology risks. He holds a Bachelor of Business
Administration degree in Accounting and Finance from the College of William and Mary and is one of more than 100 professionals
globally to have obtained a Master Business Continuity Professional (MBCP) certification from the DRI International.
Renata Davidson, ABCP (Eastern Europe Focus) - The co-founder and President of Davidson Consulting LLP- company specializing in
Business Continuity, Risk Management and Business Process Modeling. She has worked with domestic and international companies
to develop business continuity and disaster recovery plans since 1998. Ms Davidson studied at the Warsaw University in Poland and
is one of less than 100 professionals globally to qualify for a Master Business Continuity Professional (MBCP) certification from the
Disaster Recovery Institute (application pending).
Angela Devlen (USA Focus) – Angela is the Managing Partner of Wakefield Brunswick, Inc. a healthcare management consulting firm
and President of Mahila Partnership, a non-profit organization she co-founded in 2008. She has worked with several universities
supporting curriculum development, research and instruction in emergency management and business continuity. A passionate
advocate for humanitarian, healthcare and women’s issues, she has served as an international healthcare disaster preparedness
expert for the ProVention Consortium, held leadership positions on the board of several non-profit organizations, and currently
advises US Federal Agencies, International NGOs, and large Healthcare Systems. Previously, she held positions leading emergency
management and business continuity at Partners Healthcare and Caritas Christi.
Greig Fennell, FBCI (USA Focus) – Director, Business Continuity, Comcast. Recognized leader in the development of enterprise-wide
operational risk and business continuity management programs, including disaster recovery, incident management and crisis
management. He has 20 years of hands-on experience in creating or enhancing management decision making frameworks to
identifying, assess and prioritize company risks and in developing cost effective strategies and solutions to minimize impacts to
supply chains, business operations and services. Greig has been both a consultant to companies and has created and lead ERM and
business continuity programs at three fortune 100 companies. His diverse background includes extensive involvement in
manufacturing, distribution and logistics, the apparel industry, healthcare and telecommunications. He is a results-driven executive
with experience in bringing management teams and technology enablers together to develop cost-effective and risk-tolerant
solutions designed to achieve positive results for companies.
Nathaniel Forbes, MBCI CBCP (Asia Pacific Focus – Based in Singapore) - Director, Forbes Calamity Prevention Pte Ltd
www.calamityprevention.com. Nathaniel is the author of the Calamity Prevention blog, consistently the most interesting online
source of fact and opinion about business continuity and emergency management in Asia. He is also a very controversial speaker and
presenter. He was President of the Asia Council of the International Association of Emergency Managers (IAEM)
www.iaem.com.sg, which administers the worldwide Certified Emergency Manager® (CEM
®) program. Nathaniel is certified as a
Member of the Business Continuity Institute (MBCI) www.thebci.org, and as a Certified Business Continuity Planner (CBCP) by the
DRII. He was President of the Singapore Computer Society’s Business Continuity Group from 1999 to 2001. Nathaniel manages
Forbes Calamity Prevention (FCP) Pte Ltd, which provides business continuity and emergency management training, consulting and
support to multinational companies outside the United States. He has lived and worked in Singapore since 1996.
Gideon For-mukwai, CBCP, CEM (Africa Focus – Based in USA) – Gideon For-mukwai is the founder and Chief Knowledge Facilitator
of XtraMile Solutions, LLC, a resiliency and crisis management training company that helps organizations to build and sustain a
culture of resiliency by understanding the human aspects of disasters. He has conducted training programs for organizations in the
Middle East, South East Asia, Southern Africa and Northern America. A former commissioned fire officer with the Singapore Civil
Defense Force, Gideon is a Certified Emergency Manager. He has worked with clients from industries such as petrochemicals,
pharmaceuticals, hospitality, banking and finance, professional associations and non-profit organizations. He is the immediate past
President of the International Council of the International Association of Emergency Managers (IAEM) and he is the author of Facing
Adversity with Audacity: Thriving in Odds, Obstacles and Opportunities.
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 35
Denis Goulet, CBCP, MBCI (Canadian & European Focus) – Denis Goulet is the President and Founder of ContinuityLink. He is a
recognised expert in the Business Continuity Management field with over 24 years of experience. Since 1999, Denis has provided
BCM training and consulting services to a variety of customers, from all industries, in North America, the Middle-East and Europe.
Denis has the CBCP certification (1992) and the MBCI (2008). In 2007, Denis has created BCMIX, a virtual international Business
Continuity Management community with now over 10,000 members
Prashant Jha, CBCP, BS25999 LA, ITIL V2 service manager (Middle East & India Focus) - A BCM and resilience expert with 8 plus
years of experience in the field of business continuity and IT service management. Extensive exposure to financial/ banking domain.
Prashant recently served as the APAC Business Continuity Manager for Aon. Previously he spent significant time working on develop
a Business resilience frame work for organization to ensure the continuity of business and overall resilience. Prashant is a CBCP from
DRII and a BS25999:2 Certified Lead Auditor from BSI. He is also an ITIL V2 service manager certified by Exin. Recently completed the
assignment with the largest banking group in the United Arab Emirates and is on a look out for new projects.
Alberto Jimenez, CBCP, PMP (Latin America Focus – Based in USA) - Alberto is a Certified Business Continuity (CBCP), and project
management (PMP) professional with over fourteen years of experience in technology and risk management consulting. Alberto has
supported leading organizations in industries such as banking, insurance, energy, manufacturing, and telecommunications and has
helped organizations in several countries including USA, Mexico, Guatemala, Peru, Venezuela, Spain, Germany, Egypt and Thailand.
Alberto specializes in Business Continuity, Crisis Management, disaster recovery, pandemic preparedness, project risk management,
and audit solutions. Prior to joining SunGard, Alberto was the director and founder of MiaTomi, LLC; a former associate director with
Protiviti, and manager at Accenture
Takashi Kase (Japan Focus) – Takashi is an expert in business continuity and security solutions and he is an active professional in
growing the business continuity field throughout Japan. Prior to entering the business continuity profession, Takashi served as a
Senior Engineer for Japan Manned Space Systems and a Liaison, Flight Control Team Lead Trainee with NASA. He received his MBA
from the Thunderbird School of Global Management and his BS degree in Electrical Engineering from Shibaura Institute of
Technology.
Sohail Khimani, CBCP, MBCI (Middle East Focus) - Sohail Khimani is a BCM/ERM expert and a dynamic professional in developing
the BCM/ERM disciplines throughout Pakistan and in the Middle East region. With over 12 years of industry experience both
nationally and globally within sectors ranging from banking and finance industry, telecommunications, IT & management
consultancy, pharmaceuticals and manufacturing, Sohail is currently heading BCP & DR implementation at KASB Bank – banking arm
of KASB Group – specializing primarily in investment banking, research, brokerage, asset management, Islamic finance and
commercial banking. In addition, Sohail is affiliated as specialist BCM Educator with various institutions and Country Representative
at International Association of Emergency Managers (IAEM). He is also a part of instructor cadre of Disaster Recovery Institute (DRI)
International and upholds CBCP and MBCI Certifications. He also actively contributes articles on BCM discipline, being published by
local and international associations. Sohail was awarded gold medal in his MBA (Finance) from Greenwich University in 2010.
Roger King, MBCI (Asia Pacific Focus – Based in Australia) - Roger V King is currently a Service Continuity Manager with BPAY and
previously a Solution Architect in Global Sales Support with EDS Australia (now HP), has a Bachelor of Information Technology
degree and has been a Member of the Business Continuity Institute since 2003. Roger is also certified to ITIL Foundations level and a
certified Quality Auditor. Since 2005 he has been working closely with the EDS sales team responding to new and add-on business
opportunities in the IT disaster recovery and business continuity disciplines. From 1997 to 2005 Roger was a Senior Consultant in
business continuity management with EDS Australia. Prior to 1997 Roger was a Program Manager in Commonwealth Bank of
Australia with responsibility for Operational Risk management and Smartcard implementation.
Ann Pickren (USA Focus) – With over 20 years of experience in business continuity and IT Disaster Recovery, Ann Pickren serves as
the Vice President of Solutions for MIR3. As an expert in business continuity/disaster recovery, crisis management and supply chain
management she brings her vast industry expertise to clients to advise them on the implementation of enterprise notification
solutions from MIR3. Previously, Ms. Pickren served as Executive VP at Firestorm Solutions, overseeing the development of business
continuity and crisis management methodology and delivery of client services. She also had responsibility for training and supporting
the Firestorm franchisees. Prior to Firestorm, Ann spent 20 years working with Comdisco and SunGard, in executive management
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 36
positions within consulting and software products. During her tenure at Comdisco and SunGard, Ann was an early adopter of
notification enablement for enterprise solutions. She is well-known for her achievements at SunGard, where she was responsible
for, business continuity application software solutions, business development, consulting engagement delivery and the management
of professional staff. Ms. Pickren is a member of the Organizational Resilience Maturity Technical Committee within ASIS
International and is member of the DRJ Executive Council. She earned her MBA from Georgia State University with a focus on math
and statistics in her undergraduate studies.
Jayaraj Puthanveedu, CISSP, CISA, MBCI, CGEIT, ITIL (India Focus) - Jayaraj Puthanveedu currently serves as a Head of Corporate
Security, Operational Risk and Business Continuity at Deutsche Bank and previously served as the Head of CSBC - India and Sri Lanka
at Deutsche Bank, responsible for a portfolio comprising Operational Risk, Business Continuity, Crisis Management, Corporate
Security, Anti Fraud Unit, Protective Intelligence and CERT. Prior to joining Deutsche Bank, he worked with Northern Trust Bank as
the APAC Head of Business Continuity with additional responsibilities for Corporate Operational Risk activities in India. In the past,
Jayaraj has held various senior management and technical positions at Goldman Sachs and Cable & Wireless in the areas of Business
Continuity, Information Security, and Technology Risk etc.
Wang Qi, CBCP (Asia Pacific Focus – Based in China) - Jason Wang (Wang Qi), Vice president and Principle Consultant of Global Data
Solutions Limited. first Certified Business Continuity Professional in China, author of several national and industrial BC/DR standards
and guidelines in China, years of experience in providing Crisis Management, Disaster Recovery and Business Continuity
Management for banks, insurance companies, securities firms, aviation, manufactory, multi-national enterprises and government
agencies in Asia.
Jerome Ryan, CBCP (USA Focus) - Jerome Ryan is a Senior Manager with Pfizer’s Worldwide Business Continuity Management
group. In this capacity he is responsible for partnering with Pfizer divisions to implement business continuity management programs
globally. Jerome has also worked at Marsh Inc. in their Risk Consulting Practice and PricewaterhouseCoopers in their Global Risk
Management Solutions (GRMS) consulting practice. He is currently the Vice Chairman and member of the Board of Directors at
Disaster Recovery Institute International (DRII) where he is responsible for promoting education, certification and awareness
globally. He has a Bachelor of Science degree with concentrations in Finance, Management Information Systems and Marketing from
Syracuse University. He is currently pursuing his Masters of Business Administration (MBA) degree at Syracuse University's Whitman
School of Management.
Kenny Seow, CBCP (Asia Pacific Focus – Based in Australia) - Kenny Seow has over 20 years of international experience in disaster
recovery, business continuity and crisis management in banking, securities, logistics and government. He runs his own consultancy
practice, Contingency Solutions Pty Ltd, and is presently contracted with the Western Australian (WA) Government to provide risk
management and business continuity support, training and advisory services to government agencies. Prior to this, Kenny was the
Director and Regional Head of BCM in Deutsche Bank AG with responsibilities for developing and implementing the bank’s BCM
program across 16 countries in Asia Pacific. He has also held senior positions in Sema Group Asia Pacific and Hitachi Data Systems
where he managed the services of a commercial disaster recovery facility, and in PricewaterhouseCoopers where he was responsible
for consulting services in disaster recovery and business continuity. He is the current BCI Area Representative for Western Australia
and volunteer with the WA State Emergency Service.
David Spinks (European Focus – Based in United Kingdom) – EMEA, Operational Risk Sales Support Executive. Responsibility for
Operational Risk (Security and Business Continuity) capabilities in the sales process including specification, design and
implementation of Security and Business Continuity Management in large scale complex global IT and BP Outsourcing deals. My
clients include Energy, Telecommunications, Transportation and Financial Services organisations. Our services in this area includes
provision of work area recovery sites across 40 countries, 200 data centres and another 400 service sites including business
operations from call centres to operation of emergency services and support for UK MoD and US DoD. Worldwide we have over
2,000 experienced and qualified security staff many of whom are also BCI or DRI certified.
Thomas Wagner, CBCP (USA Focus) Tom has over 25 years’ experience as a business continuity and risk management expert in the
Financial Services Industry. Tom is currently BCM Head at Direct Edge, the world’s fourth largest stock exchange. During his career,
Tom has worked with large global companies in over 25 countries around the world to build robust and sustainable risk
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 37
management and business continuity programs. Tom has extensive global experience in the public sector as well having served on
the White House Critical Infrastructure Protection Commission which explored ways to protect the financial services industry from
terrorism.
A special thanks to our sponsoring organizations that assisted in translating our study. Without these organizations the study may
not have been available in Chinese, Japanese and Spanish.
Distributing Organizations
BC Management also greatly appreciates the efforts of those organizations that assisted in this global effort. Below is a list of
participating organizations that assisted in distributing our annual study. The contribution of each individual organization does not
indicate an endorsement of the study findings or the activities of BC Management, Inc. This is NOT a complete list of distributing
organizations.
Associations
Business Recovery Association of Virginia
B.R.A.V.
Thank you to our sponsors and organizations that assisted with this global effort
Global Data Solutions LTD
Sponsored the Chinese translation
Risk Managers and Consultants Association
Sponsored the Japanese translation
BCMIE Australia Inc. –
www.bcmie-australia.org
MiaTomi
Sponsored the Spanish translation
Business Recovery Association of Virginia
Association of Contingency Planners –
www.acp-international.com
www.bcmie-australia.org
Association of Risk Management - Japan –
www.arm.gr.jp/
www.bcmie-australia.org
Business Recovery Managers Association –
www.brma.com
www.bcmie-australia.org Business Recovery Planners Association of Southeastern Wisconsin –
www.brpasw.com
www.bcmie-australia.org
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 38
Certifying Organizations
– www.thebci.org
BCI Asia BCI Australia BCI Brazil BCI Canada BCI India BCI Japan BCI Spain
– www.drii.org
– www.dri-australia.org – www.dri.ca – www.dri-malaysia.org – www.dri-singapore.org
Canadian Centre for Emergency Preparedness –
www.ccep.ca/
www.bcmie-australia.org
Contingency Planners of Ohio –
www.cpohio.org
www.bcmie-australia.org
TVBCP
Treasure Valley Business Continuity Planners –
www.tvbcp.org
www.bcmie-australia.org
Contingency Planning Exchange –
www.cpeworld.org
www.bcmie-australia.org
Disaster Recovery Information Exchange –
www.drie.org
www.bcmie-australia.org
MidAmerica Contingency
Planning Forum
Midwest Contingency Planners –
www.midwestcontingencyplanners.org
www.bcmie-australia.org
NorthEast Disaster Recovery Information X-Change –
www.nedrix.com
www.bcmie-australia.org
South East Business Recovery Exchange –
www.sebre.net
www.bcmie-australia.org
– www.eei.org
wworg
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 39
– www.iaem.com – www.theicor.org
Business Continuity/Disaster Recovery Service Providers
– www.allhands.us – www.avalution.com
– www.bcpasia.com – www.continuityleadership.com
– www.continuitylink.com – www.sdr.com.mx
– www.ehdf.com – www.firestorm.com
– www.calamity.com.sg – www.fusionriskmgmt.com
– www.ketchconsulting.com
– www.sirius-tech.it
– www.rentsysrecovery.com
– www.wakefieldbrunswick.com
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 40
e-Groups
B2-ORM Yahoo e-group – Operational Risk Managers in Financial Services – http://groups.yahoo.com/group/B2-ORM/summary
– LinkedIn e-group – https://www.linkedin.com/e/gis/1471/63914B08AE56/
UK-BCP Yahoo e-group – http://finance.groups.yahoo.com/group/uk-bcp/
Periodicals/Media
– www.contingencyplanning.com – www.continuitycentral.com
– www.continuityinsights.com – www.drj.com
– www.disaster-resource.com
Universities/Colleges
– www.norwich.edu
BC Management, Inc., founded in 2000, is an executive staffing and research firm solely dedicated to the business continuity,
disaster recovery, risk management, emergency management, crisis management and information security professions. With
decades of industry expertise, our staff has a unique understanding of the challenges professionals face with hiring, benchmarking
and analyzing best practices within these niche fields.
BC Management’s Complimentary Research - BC Management has been collecting data on the factors that impact compensations
and business continuity programs since 2001. To download our current complimentary reports please visit
www.bcmanagement.com.
We Value Your Comments - Thank you for participating in our annual study. Your contribution adds value to our comprehensive
reporting and allows us the opportunity to assess industry trends. Please share any comments or suggestions on how we can
improve at info@bcmanagement.com.
About BC Management, Inc.
BCPDRPIndia – Yahoo e-group – http://finance.groups.yahoo.com/group/BCPDRPIndia/
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 41
As a result of our advancement in reporting technology with World APP Key Survey, BC Management is able to offer a true
benchmarking service exclusively for the business continuity management profession. Our benchmarking service includes a report
(similar to this report) customized to your specific filters used to drill down to the data points that compare to your compensations
or program planning initiatives. As a part of our benchmarking service, BC Management is also offering a business intelligence
dashboard technology in which you will receive all the data points (based on your filter specifications) for further independent
assessment. This technology will allow your organization to further assess the data within a flexible, intelligent, user friendly format.
COMPENSATION RESEARCH DATA:
Benefits of Our Customized Compensation Benchmarking Service
Saves time and money in assessing compensations for current and future personnel. Provides a fair comparison on compensation bands based on expertise, degree, certification and geography. Assists in retaining current personnel based on compensations in the same geography and job title.
Filters Available to Customize Your Compensation Report
Employment Status – may choose from full-time permanent, part-time permanent, independent contractor and unemployed.
Geography – may choose country, state/providence, or city.
Job Title/ Position – may choose from a selection of job titles.
Discipline – may choose multiple disciplines that are managed with the program (17 to choose from).
Years of Experience – may choose from an experience band of your choice.
PROGRAM MANAGEMENT RESEARCH DATA:
Benefits of Our Customized Program Management Benchmarking Service
Allows you to assess the maturity of your business continuity program focusing on industry best practices, dedicated staff, budget breakouts, reporting structure, vendor utilization, program activation and much more.
Provides assistance in presenting business case objectives to your executives to substantiate and expand your program. Prioritizes key initiatives in elevating the maturity of your programs. Assists in building a road map to advance your program and meet your goals. Makes you more efficient by eliminating the need to do research on your own. Provides an unbiased source on how your company compares to the industry; specifically other “like” organizations, which
can be used to support your recommendations.
Filters Available to Customize Your Program Management Report
Industry – may choose more than one industry. Company Revenue – may choose a revenue band of your choice. Number of Employees – may choose a selection from number of company employees. Number of Locations – may choose a selection from number of company locations in either operational and/or retail
interfacing. Geographic Distribution – may choose multiple countries as well as how the company locations are dispersed (global, multi-
country, one country, regionally within one country, statewide or citywide). Disciplines within program – may choose multiple disciplines that are managed with the program (17 to choose from). Scope of program – may choose a combination of the following: global, multi-country, one country or regionally within one
country. Maturity Rating of Program – may choose on a scale of 1 to 5 with 1 being Very Immature and 5 being Very Mature (please
note this is a self rating by the study participant).
Customize Your Compensation and/or Program Management Benchmarking Report
Copyright ©2012 BC Management, Inc. An Exclusive Board Review Confidential to BCM Study Respondents Page 42
Names of Organization – may choose a list of company names that have participated in our study and completed the program management portion of the study. Please keep in mind that not all respondents indicated their company name. Many respondents kept their organizational name private. Also, not all study respondents qualified for the program management portion of the study. Only those respondents who managed a program were encouraged to participate in the second section of the study. ALL RESPONDENT CONTACT INFORMATION IS KEPT CONFIDENTIAL AND IS NEVER REVEALED!
Inquiries
For more information or to order a report please email us at info@bcmanagement.com or call us at (714) 969-8006 or toll free
within the United States (888) 250-7001
Complimentary Report Exclusively for Study Respondents
This is a complimentary report that is exclusive only to those professionals who contributed to BC Management’s 10th
Annual
Business Continuity Management study. This report is not meant for general distribution. Any distribution of this report or
reference to any information enclosed within this report is prohibited unless approved by BC Management, Inc.