« GRC in the Cloud - Control + Visibility = Trust – Some examples from VmWare and RSA | Main | Five Simple Questions Core to GRC Program Success »

03/18/2011

Japan Disaster: Reminding us why we need GRC that integrates Business Resilience, Risk and Incident Management

Japan's devastating earthquake, subsequent tsunami and current power plant threats remind us that we live in a world where the combination and cascading effect of threats raises risks beyond what we consider a reasonable threshold.  It is these apparent ‘black swan’ events that really set us back.  In times like this we see clearly the tight relationship between business resilience, risk and crisis management.

 As we watch the Japan disaster unfold, GRC and Business Continuity professionals the world over are abuzz with what this means back home.  Many organizations will take this an opportunity to look at their own best practices to understand their real exposures and plans to protect people and critical processes in the event of a disaster.

Centralizing approaches to business continuity, disaster recovery, risk and crisis management is a pure GRC use case.  And increasingly an urgent one. It seems impossible, and actually is, without a strong GRC program and good solid technology platform that cover the basics:

  • End-to-end risk management process with a common nomenclature and processes for assessing risk on a near-real time basis
  • Consensus between the business and IT on risk appetite
  • Complete understanding of business process criticality, RTOs  and RPOs
  • Visibility into the technology eco-system internally, and across the hybrid cloud - and how it supports the business
  • Online access to business continuity and disaster recovery plans in the event of a crisis or business disruption.
  • Centralized reporting and management of crisis events that impact employees, customers, stakeholders and mission-critical operations.

I have seen few platforms that can do all of this – but they are emerging.  RSA Archer Business Continuity is one, and there will be more entering the market in the short to medium term. It’s worth looking into these unified approaches –taking a proactive approach could save your organization in ways you can’t even imagine today. Who would have predicted we’d been looking at what we are now in Japan?  It is people, processes and technology, orchestrated in a way that is trulyresponsive, that in the end, makes all the difference.

Posted at 12:44 PM in Cloud Computing, Information Governance, Information Security Risk Management, IT GRC, Risk Manangement |

Technorati Tags: , , , , , , , , , ,

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a0120a5379ba6970c014e5ff3a210970c

Listed below are links to weblogs that reference Japan Disaster: Reminding us why we need GRC that integrates Business Resilience, Risk and Incident Management :

Comments

My Photo

About Me

  • Director, GRC Strategy Services, EMC Consulting, EMC Corporation

    MBA, CISM, CGEIT

    Yo has over 30 years in the technology industry, as it has evolved from punch cards through distributed computing to today's fluid and elastic infrastructures. She loves technology and has focused her attention on risk management over the last 8 years.

    Yo's current expertise is in helping companies implement strategies and programs for governance, risk and compliance (GRC) solutions.

    She enjoys understanding emerging markets and urgent customer needs, and helping to rationalize and create GRC programs that add strategic value while delivering dramatic cost savings.

    She has led start-ups and business units within system integration and outsourcing companies, and has many years consulting experience, in initiatives ranging from technology acquisitions through enterprise-wide architecture strategies.

    Yo lives in Great Falls, VA with her family.

Categories

Recent Posts

Sites and Links

Recent Comments

Blogroll

Archives

Categories