Breakout Track 6

Wednesday, September 22, 2021, 9:15 a.m. – 10:15 a.m.


Apply Your COVID-19 Learnings to Your BC, CM & CC Plans NOW, BEFORE You Lose Them!

Wednesday, September 22, 2021
9:15 a.m. – 10:15 a.m.

Regina Phelps, EMS Solutions Inc.

Each of us has learned a lot during the first year of the pandemic. As we reflect back, for many of us, it might all be a big blur! Did you capture notes, improvements and issues that will need to be changed in your plans going forward? Did you prepare an after-action report (or more than one!) that captured the key learnings? It is critical that you and management devote some quality time to add those improvements into your plans and processes.

You could consider basic project management principals to turn these learnings into more effective and robust plans going forward. This will require that your first review the pandemic lessons learned and compare those to what you have documented in your plans. Then you will want to apply and include those lessons into your plans, seek approvals as necessary and then provide training and exercises to bring your teams up to speed with the new processes and plans.

This session will talk about how to capture and apply lessons learned from the COVID-19 pandemic into your plans. We will also share with you many of the challenges our clients faced over the last year as well as some of their solutions. Hopefully the crises we face going forward will not be as devastating as the COVID-19 pandemic. These learnings and experiences are like gold and will help us build even more resilient programs, plans and teams.

Topics Covered:

  • What were the big takeaways from the pandemic? What’s in your after-action report?
  • After-action reports and how to use them to build your program
  • Building support and engaging your continuity steering committee
  • Planning and working with other company sites to ensure continuity
  • Planning for crises when remote work is a part of your daily work environment

About Regina Phelps
Regina Phelps is an internationally recognized thought leader in the field of emergency management, pandemic & contingency planning. Since 1982 she has provided consultation, training & speaking services to clients on five continents and is the author of three books.


Cybersecurity Partnership: A Force Multiplier for Resilience

Wednesday, September 22, 2021
9:15 a.m. – 10:15 a.m.

Jamie Sanderson Reid, The AES Corporation
Malcolm Reid, Brison LLC

Cybersecurity plays a critical role in managing the likelihood and impact of loss event scenarios related to availability, such as outages of key business systems due to cybercriminals performing a ransomware attack via a phishing e-mail.

This session will explore ‘a risk-based approach to availability of systems and data’ as the nexus of partnership between Business Continuity/Disaster Recovery (BC/DR) professionals and Cybersecurity professionals. This partnership can act as a Force Multiplier to improve the overall resiliency of your organization, which is a critical success factor in today’s dynamic threat landscape.

The NIST Cybersecurity Framework is arranged around five functions: 1) Identify 2) Protect 3) Detect 4) Respond 5) Recover. The framework can help improve communication and collaboration around cybersecurity capabilities. The functions provide a useful reference to consider areas for Cybersecurity and BC/DR collaboration for improved avoidance, response and recovery with regards to cybersecurity incidents impacting availability of key business systems and data. We’ll deep dive into Response, which typically proves to be a challenge in terms of collaboration and provides opportunities for continuous improvement, with practical actions that can be taken to prepare for a well-coordinated response.

About Jamie Sanderson Reid
Jamie Sanderson Reid is a cyber resilience professional committed to helping organizations improve their level of resilience through empowering people, simplifying processes, and leveraging technology. She holds the CISSP, CCSP, CRISC, CPP, and MBCI certifications.

About Malcolm Reid
Malcolm Reid, FBCI CBCP, CPP, is a globally recognized thought leader and trusted advisor in the Cyber Resilience, Security and Business Continuity space. In 2018 he was listed by IFSEC Global in the Top Ten Most Influential Security Thought Leaders in the World and in 2020 he was awarded the Continuity and Resilience Contributor of the Americas award attesting to his valuable contributions in his field. In 2017 and 2019, he was also a finalist for the Business Continuity Institute’s Personality of the year for the Americas region.

Malcolm currently heads Brison LLC, a risk management consulting practice, based in Virginia, USA. He has executed enterprise risk assessments, security master plans, fraud risk assessments, and business continuity program development for a number of large, global and complex organizations. At a country level, he has also completed the comprehensive Assessment, Ranking, & Mapping of the entire critical infrastructure network of an energy producing nation.


How Difficult Times Create Resilient People and Organizations

Wednesday, September 22, 2021
9:15 a.m. – 10:15 a.m.

Patrick Potter, Archer

Notwithstanding the real suffering that people have experienced during the pandemic, many lessons have been learned on both organizational and personal levels from not only the pandemic, but from associated disruptions to people, supply chains, technology, the economy, geopolitics and more.

Attend this session to learn about lessons both people and organizations have learned from the worldwide crisis, and how personal and operational resilience parallel each other in many ways.

Patrick has over 30 years’ experience leading risk management, operational resiliency, compliance, internal audit, third-party management, strategic planning and process improvement in both practitioner and consulting roles. He has developed a unique perspective working with analysts, partners and customers spanning many industries including financial services, healthcare, government, energy, education, and travel and hospitality.

He has been a speaker for the Institute of Internal Auditors, Disaster Recovery Journal, RSA Archer Summit, Financial Executives Networking Group, Association of Continuity Planners, Audit World and the Information Systems Audit and Control Association. Patrick has also contributed thought leadership articles for such publications as Continuity Insights, Internal Auditor Magazine, SC Magazine and Disaster Recovery Journal.

About Patrick Potter
Patrick Potter is a subject matter expert for Archer where he provides strategic input into the development of the Archer Suite and works with customers on best practices.


Risk Culture and Operational Resilience

Wednesday, September 22, 2021
9:15 a.m. – 10:15 a.m.

Lynnda Nelson, ICOR

Risk culture refers to the mindset and behavioral norms that determine how an organization identifies and manages risk. A healthy risk culture is more important than ever in a post-pandemic world. Long term a healthy risk culture is a critical element of resilience against risk.

A healthy risk culture is also an enabler of more dynamic and flexible risk management. This presentation will explore how to set up an effective risk culture program and how to build a more dynamic and flexible approach to managing risk and increasing operational resilience.

About Lynnda Nelson
As founder and the President of ICOR, Lynnda Nelson manages ICOR’s education and credentialing programs. She is an expert on international standards for business continuity, crisis management and communications, organizational and community resilience.


Friend or Foe? Business Continuity and Enterprise Risk Management

Wednesday, September 22, 2021
9:15 a.m. – 10:15 a.m.

James Green, Origami Risk

With a global pandemic and skyrocketing cases of ransomware, many BC professionals have spent the last two years discussing how business continuity should be more aligned with cybersecurity and vendor risk management departments in order to better mitigate risks.
But what about Enterprise Risk Management (ERM)? Many people think that ERM only has to do with financial risks, or that ERM is only relevant in the financial services sector. Some BC professionals even find that the resources devoted to their organization’s risk register takes time away from, or is even an obstacle to, business continuity planning.

But when done right, leveraging the data and insights gathered from ERM can actually act as a catalyst for your BC program. But it’s not as simple as just putting everyone onto the same zoom call! In this session we will discuss why and how ERM and BC should be aligned, the benefits your BC program can receive from ERM, and pitfalls to avoid when working with ERM.

About James Green
James Green is a sought-after global speaker on risk and resilience. In 2020 he was named the Business Continuity Institute’s Continuity and Resilience Consultant of the Americas, becoming the first person to be honored with this award twice.