Prepared by BC Management & BC Management’s International Benchmarking Advisory Board July XX, 2009 Prepared by BC Management, Inc. - October 2010 Business Continuity Program Management Benchmarking Report - SAMPLE REPORT Benchmarking. Plan Ahead. Be Ahead.
56
Embed
Benchmarking Report SAMPLE REPORT - BC · PDF fileBusiness Continuity Program Management Prepared by BC Management & BC Management’s International Benchmarking Advisory Board July
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Prepared by BC Management
& BC Management’s
International Benchmarking
Advisory Board
July XX, 2009
Prepared by BC Management, Inc.
- October 2010
Business Continuity Program Management Benchmarking Report
Introduction 4 Reporting History 4 Study Methodology 4 Assessment of Data & Reporting 5 Participant Data & Respondent Characteristics ~ An overview of respondent characteristics. 5-9
Business Continuity Program Management Awareness Study Topics 10-52
Maintain and foster relationships with other external organizations 12
Integration of program with other organizational disciplines 12-14
Status of current program 15-16
Assessment of program expenses, average full-time and part-time employees, average number of disciplines managed in program and average maturity rating by country
16
Budgeting
Budgeting of expenses within organization 16-17
Items included in the budget, percent of total budget and monetary budget amount per item 17-18
Budget revisions 18
Anticipated increase/ decrease by individual budget line item 18
Personnel
Current dedicated personnel 19
Hiring initiatives for the next year 20
Reduction of full-time, permanently employed personnel in the next year 21
Primary reason behind a reduction in force in the next year 21
Organizational Reporting Structure
Positioning of program for maximum visibility within organization 22
Change to department owner being considered 22
Department owner by program maturity 23
Department owner being considered for a change or department owner preferred 23-24
Program Sponsorship
Assessment by job title on who is totally engaged and sponsoring the program 24
Sponsor of program by program maturity 25
Sponsor’s level of engagement if a chief officer level or above 26
Sponsor’s level of separation from the executive committee 26
Change to level of sponsorship being considered 26
Level of sponsorship being considered for a change or level of sponsorship preferred 27
Program Assessment and Exercising Plans
Reviewing and updating the business impact assessment (BIA) 28
BIA by program maturity 28-29
Leverage the outcome of the BIA and/ or risk assessments to elevate the program 29
Exercising the plans 30
Exercise the plans for mission critical IT assets, mission critical business functions, less critical IT assets, and less critical business functions
Contingency program’s point of failure to a point of availability/ up time for the service 35
Estimated financial loss per hour by downtime 35
Technology Recovery Solutions – Internal or External
Utilization of third-party hot site/ alternate site technology providers 36-37
Considering an internal recovery capability 37
Change to the technology recovery solution in the previous two years 37-38
Change to the technology recovery solution in the next year – technology recovery solutions being considered and estimated budget
38
Cloud Computing
Consideration of cloud computing in the next year 39
If yes, rate the factors in your decision making process 39
Consulting Initiatives
Utilization of contractors 40
Longest engagement time for a contractor 40
Consulting work anticipated in the next year 41-42
Vendor Utilization
Utilization of software planning tools 43-44
Consideration software tools in the next year and estimated budget 44
Utilization of automated notification tools 45-46
Consideration automated notification tools in the next year and estimated budget 46
Utilization of mobile recovery solutions 46-47
Consideration mobile recovery solutions in the next year and estimated budget 47 Managing Dispersed Offices
Accountability of offices/ facilities outside current location under existing program 48
Assessment of managing the business continuity program for dispersed offices/ facilities 48
Reasons for Planning, Regulatory Requirements & Organizational Certification
Primary reasons for developing and maintaining a program 49
Regulatory requirements and/or standards to model program after 49-50
Obtaining an organizational certification in a standard 51
Consideration of becoming certified in an organizational standard 51-52
Thank you to BC Management’s International Benchmarking Advisory Board 52 Thank you to our Sponsors and those Organizations who Distributed the Study and/or Report 52-54 About BC Management, Inc. & Where to Download Complimentary Reports 55 Customize a Report Exclusively for your Organization 55-56
Confidential Report
This is a confidential report. As such, the information within this report should not be shared outside the
organization that requested and purchased the research data. This report is not being distributed as a
complimentary report among the profession. Please contact BC Management if you would like to share or site any
Since 2001 BC Management, Inc. has been gathering data on business continuity management programs and compensations to provide
professionals with the information they need to elevate their programs. Each year our organization strives to improve upon the study
questions, distribution of the study and the reporting of the data collected. Below is a timeline detailing BC Management’s eight years of
business continuity reporting expertise.
* The advisory board is composed of 20 international thought leaders coming from the United States of America, Canada, Latin America, the United Kingdom, Singapore, Australia, China, Japan, and India. Our board encompasses not only business continuity, but also risk management, emergency management, high availability and environmental health and safety.
The on-line study was developed by the BC Management team in conjunction with the BC Management International Benchmarking
Advisory Board. WorldAPP Key Survey, an independent company from BC Management, maintains the study and assesses the data
collected. The study was launched in March of 2010 and the study remains open for the duration of 2010. Participants were notified of the
study primarily through e-newsletters and notifications from BC Management and from many other industry organizations. A full list of
participating organizations is included within this report. The study has been translated in 5 languages and it accommodates professionals
who are permanently employed on a full-time or part-time basis, self-employed as an independent contractor or unemployed.
Respondents receive a unique path of branching questions, which is dependent upon their experience and employment status. The
advanced study is coded with extensive JAVA script to ensure a correct question branching path and to eliminate unintelligible data. The
comprehensive study is comprised of two sections spanning over 100 questions. The first section focuses on the factors that impact
compensations within the business continuity and related professions. The second section focuses on the business continuity program
management initiatives, which includes budgets, dedicated personnel, organizational reporting structure, maturity of the program,
exercises, auditing, vendor utilization, program activation during an event and much more. Respondents to the study have the option to
complete one or both sections. Only those respondents who manage a program within business continuity or a related discipline qualify to
complete the program management portion of the study. All participants are given the option of keeping their identity confidential.
Reporting History
Study Methodology
Thank you for purchasing BC Management’s Business Continuity Program Management Benchmarking Report. This report
is designed to give your organization a picture of how other organizations are approaching their business continuity
planning initiatives without any customization relating to your specific organization. The data within this report will be
instrumental in assessing/elevating your business continuity management program.
This report is meant only for the individual who purchased the report. Do not distribute outside of your organization.
BC Management is continuously reviewing and verifying the data points received in the study. Data points in question are confirmed by
contacting the respondent that completed that study. If the respondent did not include their contact information, than their response to
the study may be removed. With our eight years of expertise in collecting and assessing such data points, BC Management has an
exceptional understanding of what is considered questionable or unintelligible data.
WorldAPP Key Survey built a customized reporting tool for BC Management, which enables us to prepare customized benchmarking reports based on a client’s request. The result is a report that provides a unique understanding on how your program compares to competitors or other similar organizations. Before creating the customized report, we verify the filters selected by the client and confirm the number of respondents that will be included in their customized report. The charts and tables are instantaneously created once the client agrees to the framework of the report. The client receives a PDF document as well as a business intelligence dashboard for further assessment. The business intelligence dashboard allows the client to further assess the data points within their customized report in a dynamic, user friendly interface. Study respondent contact information remains confidential and is never revealed. The charts and graphs will reflect what respondents answered in the study. If a selection within a question is not selected it will NOT be included in the results.
2,043 study participants from 50 countries as of October 1, 2010. Incomplete/ partial study responses were included as appropriate within
the report. Study was divided into 2 sections.
Business Continuity Compensation – 1,874 study participants completed the compensation section from 57 countries.
Business Continuity Program Management – 912 study participants completed the program management section from 39 countries. Incomplete study responses were included within this report along with the completed responses.
Complete responses were received from the following countries: Australia, Bahrain, Bermuda, Brazil, Canada, Cayman Islands, China, Costa-Rica, Egypt, Finland, France, Germany, Greece, India, Indonesia, Ireland, Israel, Italy, Japan, Jordan, Kenya, Kuwait, Luxembourg, Malaysia, Mauritius, Mexico, Netherlands, New Zealand, Nigeria, Pakistan, Philippines, Poland, Russia, Saudi Arabia, Singapore, Switzerland, United Arab Emirates, United Kingdom, and United State of America.
USA Respondent Characteristics = 1,364 Study Respondents
Company Revenues span from non-profit/ government to over $400 Billion USD.
Study respondents span over 45 industries.
Average Number of Company Locations (Corporate/ Operational) = 16-25 Company Locations span from 0-5 Locations to more than 10,000.
Average Number of Company Locations (Retail/ Customer Interfacing) = 26-50 Company Locations span from 0-5 Locations to more than 10,000.
Average Number of Employees = 5,000 – 10,000 Company Employees span from 0-5 to more than 400,000.
Majority of respondents (60%) managed 5+ disciplines within their program.
objectives, operational and enterprise risk management
and crisis management plans.
xx.xx% xx.xx% xx.xx% xx.xx% xx.xx% x.xx%
Currently conducting BIA or risk assessments. xx.xx% x.xx% xx.xx% xx.xx% xx.xx% xx.xx% Currently developing and implementing BC and/or IT DR
plans that meet the needs of the organization. xx.xx% x.xx% xx.xx% xx.xx% xx.xx% x.xx%
Currently assessing an Emergency Operations Center. xx.xx% x.xx% xx.xx% xx.xx% xx.xx% x.xx% Currently implementing an Emergency Operations
Center. xx.xx% x.xx% xx.xx% xx.xx% xx.xx% xx.xx%
A full functioning Emergency Operations Center is in
place. xx.xx% x.xx% xx.xx% xx.xx% xx.xx% xx.xx%
Policies and procedures are in place to interact and
coordinate with external agencies in times of a disaster. xx.xx% x.xx% x.xx% xx.xx% xx.xx% xx.xx%
A Crisis Management process and plan is in place. xx.xx% x.xx% xx.xx% xx.xx% xx.xx% xx.xx% A Crisis Communications program is in place. xx.xx% x.xx% x.xx% xx.xx% xx.xx% xx.xx% Considering conducting an enterprise risk assessment for
the board and/ or senior management. xx.xx% x.xx% x.xx% xx.xx% xx.xx% xx.xx%
Currently conducting an enterprise risk assessment for
the board and/ or senior management. xx.xx% x.xx% x.xx% xx.xx% xx.xx% xx.xx%
Incorporated a full enterprise risk management program
with controls in place to avoid or mitigate potential risks. xx.xx% x.xx% x.xx% xx.xx% xx.xx% xx.xx%
Implemented a full functioning, corporate wide BCM
program that meets the organization’s contingency,
resiliency, risk management, emergency management
and crisis management needs.
xx.xx% x.xx% x.xx% xx.xx% xx.xx% xx.xx%
Implemented an awareness and training program to
promote and educate the entire organization on the BCM
program.
xx.xx% x.xx% x.xx% xx.xx% xx.xx% xx.xx%
Maintain an assessment and audit schedule of the BCM
program to ensure the program is up to date and
complete.
xx.xx% x.xx% x.xx% xx.xx% xx.xx% xx.xx%
Maintain an exercise schedule in order to identify new
potential vulnerabilities or weaknesses in the current
BCM program. Analyze findings to elevate the program.
xx.xx% x.xx% x.xx% xx.xx% xx.xx% xx.xx%
Currently developing a pandemic preparedness policy. x.xx% x.xx% xx.xx% xx.xx% xx.xx% x.xx%
Please choose all that apply to describe your organization’s current continuity program status under your direction and management. Please check all that apply. (An assessment of USA respondents.) * “% of Resp” column will exceed 100% due to multiple selections.
A full functioning executive/leadership transition is in
place. xx.xx% x.xx% x.xx% xx.xx% xx.xx% xx.xx%
Highlighted figures indicate the highest figures in each column by program maturity.
Indicates areas of improvement. Highlighted percent figures represent the highest percent for each selection of program status.
Program Maturity Rating Avg Budget
Avg Total FTE
Avg Total PTE
Avg Number of Disciplines in
Program Very Immature $xxx,xxx USD xx xx xx Immature $x,xxx,xxx USD xx xx xx Average $x,xxx,xxx USD xx xx xx Mature $x,xxx,xxx USD xx xx xx Very Mature $x,xxx,xxx USD xx xx xx
33.33%
33.33%
33.33%
Budgeting of Program Expenses
Program expenses are allocated independently f rom other functions
within the organization.
Program expenses are allocated to other department(s).
Program expenses do NOT have a def ined budget.
An assessment of the average business continuity management budget (approximate/ estimated
expenses spent), average number of dedicated full -time and part-time personnel, average
number of disciplines managed in a program and the average p rogram maturity rating by
country. (An assessment of USA respondents.)
Describe how continuity program expenses are budgeted under your direction and management?
* All questionable or incomplete budget information was verified by directly contacting the study respondent. Questionable data responses that couldn’t be
confirmed were removed.
“Other” budget line items as noted by study participants: Budget covers Information Security, Emergency Supplies, Generator and UPS Maintenance, Other vendor costs to support BC programme, Emergency
Supplies, Supplies, Recruitment, vaulting, Response equipment, EOC Equipment repair and replacement, preparedness, general office expenses, Disaster Response Unit, PT Internal Staff, hardware, Conferences, part time staff, training for direct staff, BIA, Automation. Note: Full time internal staff budget not included, Telecommunication + equipment, Alternate Communications, no central budget, is down to each country operating officer to sign off on, Continuous Education, conferences, certifications, Supplies, documentation, Miscellaneous, Off site, training, storage and archiving, Insurance, Emergency supplies, 1-5% of the work time of 18 divisional representatives, contractor to be hired, unknown budget, Development of a DR solution, Supplies and Equipment and maintenance, hardware, public relations\ advertising and Disaster Response Equipment and Supplies.
Budget Item Increased Decreased Unchanged Not Sure Full Time Internal Staff xx.xx% x.xx% xx.xx% x.xx%
Disciplines – Current Personnel Avg FTE Avg PTE % of Resp Multi-Discipline xx xx xx.xx%
Audit xx xx x.xx%
Business Continuity Process (Business Focus) xx xx xx.xx%
Compliance xx xx x.xx%
Crisis Management xx xx xx.xx%
Disaster Recovery Process (IT Focus) xx xx xx.xx%
Emergency Management xx xx xx.xx%
Facilities Management xx xx x.xx%
Health & Safety – Occupational xx xx x.xx%
Health & Safety - Environmental xx xx x.xx%
Information Technology xx xx x.xx%
Pandemic Planning xx xx xx.xx%
Records Management xx xx x.xx%
Risk Management – Enterprise xx xx x.xx%
Risk Management – Insurance xx xx x.xx%
Risk Management – Operational xx xx xx.xx%
Security – Information xx xx x.xx%
Security – Physical xx xx x.xx%
Other xx xx x.xx%
Average Total XX XX
Average number of discipline FTE and PTE staff is the average only for those study respondents that indicated managing that specific discipline in their
program and having staff dedicated to that discipline.
Personnel
Table shows a correlation between two different questions. First Question – Please specify all
the disciplines that you personally manage. Select all that apply. Second Question - If you
personally manage more than one discipline within your program, please indicate how many
full-time employees (FTE) and/ or part-time employees (PTE) you have dedicated to your
continuity program? Please confirm that the number below is the total FTE and PTE headcount
for all locations under your direction and management. (Auto -sum function built into study.)
Disciplines – Hiring Personnel Avg FTE Avg PTE % of Resp Multi-Discipline xx xx xx.xx%
Audit xx xx x.xx%
Business Continuity Process (Business Focus) xx xx xx.xx%
Compliance xx xx x.xx%
Crisis Management xx xx xx.xx%
Disaster Recovery Process (IT Focus) xx xx xx.xx%
Emergency Management xx xx xx.xx%
Facilities Management xx xx x.xx%
Health & Safety – Occupational xx xx x.xx%
Health & Safety - Environmental xx xx x.xx%
Information Technology xx xx x.xx%
Pandemic Planning xx xx xx.xx%
Records Management xx xx x.xx%
Risk Management – Enterprise xx xx x.xx%
Risk Management – Operational xx xx x.xx%
Security – Information xx xx x.xx%
Security – Physical xx xx x.xx%
Other xx xx x.xx%
Average Total XX XX
Average number of discipline FTE and PTE staff of anticipated hires is the average only for those study respondents that indicated managing that specific
discipline in their program and having staff dedicated to that discipline.
Table shows a correlation between two different questions. Firs t Question – Please specify all
the disciplines that you personally manage. Select all that apply. Second Question - If you
personally manage more than one discipline within your program, please indicate how many
full-time employees (FTE) and/ or part-time employees (PTE) dedicated to the continuity
program you plan to hire in the next year? Please confirm that the number below is the total
number of proposed new personnel for all locations under your direction and management.
(Auto-sum function built into study.) (An assessment of USA respondents.)
Information Technology xx.xx% xx.xx% xx.xx% xx.xx% xx.xx%
Legal Counsel x.xx% x.xx% x.xx% x.xx% x.xx%
Operations x.xx% x.xx% x.xx% x.xx% x.xx%
Program Management
Office x.xx% x.xx% x.xx% x.xx% x.xx%
Risk Management x.xx% xx.xx% xx.xx% xx.xx% xx.xx%
Security – Information x.xx% x.xx% x.xx% x.xx% x.xx%
Security – Physical x.xx% x.xx% x.xx% x.xx% x.xx%
Strategic Planning x.xx% x.xx% x.xx% x.xx% x.xx%
Individual business units x.xx% x.xx% x.xx% x.xx% x.xx%
Other x.xx% x.xx% x.xx% x.xx% x.xx%
Highlighted figures indicate the highest figures for each department owner by row.
If you are not considering a different department owner for the continuity program, which
department(s) would you prefer? Select all that apply. (An assessment of USA respondents.) - Total percent will exceed 100% due to multiple selections.
Table shows a correlation between two different questions. First Question - Which department
best describes the reporting structure of your program under your direction and management?
Please select the best response from the following departments. Second Question – In your
opinion, how would you rate the maturity of your program? Please rate on a scale of 1 to 5 with
1 meaning VERY IMMATURE and 5 meaning VERY MATURE. (An assessment of USA respondents.)
If you are considering a different department owner for the continuity program, which
department(s) is being considered? Select all that apply . (An assessment of USA respondents.) - Total percent will exceed 100% due to multiple selections.
Program Sponsorship
Please specify by job title who is totally engaged and sponsoring the continuity program
functions. Please select the best response. (An assessment of USA respondents.)
Other Responses for Hot-Site/ Alternate Site Providers: Accenture; Agility Recovery Solutions ; CSX; Centrilogic; Centurion and Verizaon; Do not remember; IBM; Internal managed Hot Site; Internally owned
recovery site; Iron Mountain ; Jardine Mathieson - Hong Kong; McCoy Myers and Associates; Northrop Grumman; Not willing to share;
Assessment Work - Employee Training and program advice, Full Scale Exercise, Generate simulation, Plan Testing, Program Maturity Assessment, Software
Implementation, Technical DR/IT analysis, business recovery planning, exercise, incident and crisis management
Compliance/ Standard Work – AIB Food Security, ASIS Resiliency Standard, Applicable state regulations, Circular No. G-139 -2009 (Peru) Managing business
continuity, ISO 28000, PAS200
Other BC Program (Business Processes) Work – BIA, Mobile Recovery, emergency communications
Other DR Program (IT Processes) Work – NONE NOTED FOR OTHER.
Other General Continuity Consulting Work – Exercise, Gap analysis in technical recovery documentation/ testing/recovery checklist, Software Support,
Software Upgrade, Training for employees; Incident Response team training, Vendor Assessment , emergency communications
Mobile Recovery Providers % of Resp Agility xx.xx%
RentSys xx.xx%
SunGard xx.xx%
Other xx.xx%
Other Responses for Mobile Recovery Providers: Can't talk about it due to security ; Continuum; IBM Moble; Mainline; Own; Whoops, don't use mobile recovery; watermark risk management international
llc
Estimated Average Mobile Recovery Budget – Next Year: $xxx,xxx USD
If yes, which mobile recovery provider(s) do you utilize? Select all that apply. (An assessment of
USA respondents.) - Total percent may exceed 100% due to multiple selections.
If not currently utilizing a mobile recovery provi der, are you considering in the next year? If
yes, to the best of your ability, please indicate the budget amount being considered. (An
Our International Benchmarking Advisory Board was instrumental in reviewing the study to ensure it focused on the most relevant topics to continuity professionals today. The goal was to develop a credible reporting tool that would add value to the business continuity profession.
A special thanks to our sponsoring organizations that assisted in translating our study. Without these organizations the study may not have been available in Chinese and Japanese.
Distributing Organizations
BC Management also greatly appreciates the efforts of those organizations that assisted in this global effort. Below is a full list of participating organizations that assisted in distributing our annual study. The contribution of each individual organization does not indicate an endorsement of the study findings or the activities of BC Management, Inc. BC Management greatly appreciates the assistance of the following organizations that assisted with this global effort. This is NOT a complete list of distributing organizations.
Associations
– www.acp-international.com – www.arm.gr.jp/
If yes, please select which standard(s) your organization has achieved certification. Please
select all that apply. (An assessment of USA respondents.) - Total percent may exceed 100% due to multiple selections.
Thank you to BC Management’s International Benchmarking Advisory Board
Thank you to our sponsors and organizations that assisted with this global effort
As a result of our advancement in reporting technology with World APP Key Survey, BC Management is able to offer a true benchmarking
service exclusively for the business continuity management profession. Our benchmarking service includes a report (similar to this report)
customized to your specific filters used to drill down to the data points that compare to your compensations or program planning
initiatives. As a part of our benchmarking service, BC Management is also offering a business intelligence dashboard technology in which
you will receive all the data points (based on your filter specifications) for further independent assessment. This technology will allow your
organization to further assess the data within a flexible, intelligent, user friendly format.
COMPENSATION RESEARCH DATA: Benefits of Our Customized Compensation Benchmarking Service
Saves time and money in assessing compensations for current and future personnel. Provides a fair comparison on compensation bands based on expertise, degree, certification and geography. Assists in retaining current personnel based on compensations in the same geography and job title.
Filters Available to Customize Your Compensation Report
Employment Status – may choose from full-time permanent, part-time permanent, independent contractor and unemployed.
Geography – may choose country, state/providence, or city.
Job Title/ Position – may choose from a selection of job titles.
Discipline – may choose multiple disciplines that are managed with the program (17 to choose from).
Years of Experience – may choose from an experience band of your choice.
PROGRAM MANAGEMENT RESEARCH DATA: Benefits of Our Customized Program Management Benchmarking Service
Allows you to assess the maturity of your business continuity program focusing on industry best practices, dedicated staff, budget breakouts, reporting structure, vendor utilization, program activation and much more.
Provides assistance in presenting business case objectives to your executives to substantiate and expand your program. Prioritizes key initiatives in elevating the maturity of your programs. Assists in building a road map to advance your program and meet your goals.
Customize a Program Management Benchmarking Report for Your Organization
About BC Management, Inc.
Customize Your Compensation and/or Program Management Benchmarking Report
Makes you more efficient by eliminating the need to do research on your own. Provides an unbiased source on how your company compares to the industry; specifically other “like” organizations, which can be
used to support your recommendations.
Filters Available to Customize Your Program Management Report
Industry – may choose more than one industry. Company Revenue – may choose a revenue band of your choice. Number of Employees – may choose a selection from number of company employees. Number of Locations – may choose a selection from number of company locations in either operational and/or retail interfacing. Geographic Distribution – may choose multiple countries as well as how the company locations are dispersed (global, multi-
country, one country, regionally within one country, statewide or citywide). Disciplines within program – may choose multiple disciplines that are managed with the program (17 to choose from). Scope of program – may choose a combination of the following: global, multi-country, one country or regionally within one
country. Maturity Rating of Program – may choose on a scale of 1 to 5 with 1 being Very Immature and 5 being Very Mature (please note
this is a self rating by the study participant). Names of Organization – may choose a list of company names that have participated in our study and completed the program
management portion of the study. Please keep in mind that not all respondents indicated their company name. Many respondents kept their organizational name private. Also, not all study respondents qualified for the program management portion of the study. Only those respondents who managed a program were encouraged to participate in the second section of the study. ALL RESPONDENT CONTACT INFORMATION IS KEPT CONFIDENTIAL AND IS NEVER REVEALED!
Inquiries
For more information or to order a report please email us at [email protected] or call us at (714) 843-5470 or toll free within the
United States (888) 250-7001
Confidential Report
This is a confidential report intended only for the organization that requested and purchased the research data. As such, this report is not
being distributed as a complimentary report among the profession. Please contact BC Management if you would like to share or site this