The BCI Netherlands & Belgium Conference programme

The Business Continuity Institute

Event counts towards CPD

CPD

‘You can’t do BCM on your own’
(BCM kan je niet alleen)

Subject to change

08.30 - 09.00: Registration and networking

09.00 - 09.15: Welcome and opening comments -  Conference Chair

09.15 - 10.15: Keynote: What is resilience and how can we achieve it?

Speaker

James Crask MBCI (Hon), Head of Risk, NDA
There is lots of talk about organisational resilience at the moment but what is it exactly? We didn’t have to look far to find the expert on organisational resilience who thankfully is happy to share his knowledge with us. James Crask who is currently Head of Risk at the Nuclear Decommissioning Authority after leading PwC’s Enterprise Resilience proposition for more than 6 years. James is also Convenor of ISO/TC 292’s working group WG 2 who are responsible for the BCM standards and produced the standard, ISO 22316, Security and resilience – Organizational resilience – Principles and attributes which is the framework developed by international experts. In his presentation James will take us through the evolution of resilience explaining the fundamentals, the benefits and the challenges which include the positioning of resilience and the necessary cooperation between various disciplines. James will also share his thoughts on the future of organisational resilience.

10.15 - 10.45: Morning refreshment break

10.45 - 11.30:

Stream A: Thought provoking

Results of Siemens / The BCI survey on megatrends and climate change
Johan de Wit (Siemens), Michael Crooymans MBCI (Sogeti/BCI), Louise van Schaik (Clingendael)
The Business Continuity Institute (BCI) together with Siemens conducted a survey on long term risk planning in organizations in general and climate change in particular.

The survey investigated how organisations approached this with respect to long term risk planning, the involvement of BCM, Risk Management and other disciplines and the impact on the Supply Chain. Besides the results of the survey, the report will also contain case studies and reflections from experts.

The report will be published on the 12th of September when Johan de Wit and Michael Crooymans will present the results and conclusions of the survey. Louise van Schaik Head, Clingendael Sustainability & Senior Research Fellow at Clingendael, an expert on Climate Change, will provide her expert reflection on the results.

Stream B: Practical

BCM Software Applications - today, tomorrow and the future
Jon Mitchell, Head of Business Development, ClearView Continuity
This presentation will cover a range of use cases for use of BCM software applications, focusing on how use cases are changing and will continue to change. What is the current situation and what is the tool used for?

The ‘standard’ approach of Risk Assessment, Business Impact Analysis (BIA) and Plans will still be the core of BCM software applications, but linking BIAs and Plans into one data gathering exercise could be an alternative approach. Pre populated data (mandatory or optional for the BIA/Plan owners) can be a way to enhance centralized data quality management as well as less time consuming management of BIA/Plan owners in a Parent-Child format. The features and option of tomorrow will be far more effective, efficient and divers. Structure is required, especially when organisations want the application to support the ISO 22301 requirements.

The future tooling asks for even more. An exercise is not simply an exercise. Tooling needs to be smarter, needs to add value also from a data repository perspective. Valuable data is stored in well managed Business Continuity Management Systems and it would be a waste not to use that. Also requirement regarding notification, incident management and the secure availability of everything everywhere, anytime requires more attention to mobile applications and security.

Be surprised by the possibilities...

Stream C: Collaboration

Exercising multi-discipline cyber response
Iowa Carels, Team lead Strategy and Policy – BCM, Chief Information Security Office KPN
Given the complexity and constantly changing nature of cyber-attacks as well as the possible high impact for an organisation, it is essential that the multi-discipline cyber response is frequently and properly exercised. For BCM practitioners, cyber incidents have again been indicated as the biggest threat to Business Continuity. Typically Information Security has been responsible for cyber resilience, however given the possible impact for the business, Crisis Management and Business Continuity Management, among others, now also play an important role in establishing and maintaining the organization’s cyber-resilience capability.

Iowa Carels, will facilitate an interactive Cyber Exercise Game which helps reinforce the need for exercising as well as demonstrating the need for cooperation in all phases. This Cyber Exercise Game can be adapted and used in all organisations to improve the cyber resilience.

11.30 - 11.35: Short break

11.35 - 12.20:

Stream A: Thought provoking

Challenging the maturity of BCM
Rudy Muls MBCI, Information Security Officer, Business Continuity and Crisis Manager, KBC Bank
The ability to be able to continue the critical business processes during/after a major disruption is essential to an organisation. It is a challenge to implement BCM but is generally more of a challenge to keep BCM up to date and keep improving the capabilities to deal with new and changing threats such as cyber that an organisation faces. At KBC Bank this was tackled by challenging the organizational entities to demonstrate and improve their BCM maturity resulting in improved resilience. Rudy Muls, KBC’s Information Security Officer, Business Continuity and Crisis Manager, will show us how this approach was sold to Top Management, how it was developed and implemented with minimal impact on the organisation. Rudy will also demonstrate the benefits and how various departments worked together to establish and conduct this programme. Last but not least Rudy will share the framework which can easily be adopted by other organisations.

Stream B: Practical

Realistic testing - would you dare to shut down the power?
Louis de Pauw, Technical Manager, Reinier de Graaf Hospital
Martijn Does, ZiROP & Calamity Cooordinator, Reinier de Graaf Hospital
In order to make our organisation resilient we implement various measures such as redundant resources to be able to rapidly resume business services in the event of a major disruption. While it seems logical to test these critical measures they are often not realistically tested as the business will be affected if the test is not successful. The risk is that they don’t work when they are needed in a disruption and we all have seen examples of this. With careful preparation a realistic test can be carried out responsibly.

At the Reinier de Graaf Hospital they tested the emergency power supply by getting the Power Company to physically shut down the power to the complete hospital.

Louis and Martijn, will explain to us how they got approval for this test and how it was prepared so as to minimise the risks. Furthermore they will share how involving the departments during the preparations actually helped to initiate a program which significantly improved the resilience of the hospital.

Stream C: Collaboration

BCM and ICT - working together
Jan Vervoort MBCI, BCM, De Lijn
Quite often ICT disaster recovery is mistaken for BCM, understandable given the high level of reliance on ICT and the frequency of ICT incidents. Ensuring the continuity of ICT is an important aspect of a BCM programme. It is not just the ICT systems but also the related management processes which must be continued to ensure that the organisation’s business processes are supported. Continuity of the ICT and support processed is usually bundled and known as IT Service Continuity Management – ITSCM.

Jan Vervoort, Business Continuity Manager at De Lijn, a public transport company in Belgium, will share with us how the implementation of a secondary datacentre and development and implementation of the ICT disaster recovery plan resulted in a much better cooperation between BCM, ICT, Information Security and the Business departments to improve the resilience of De Lijn.

Jan will share the approach, context and lessons learnt during this project. Jan will also be asking the audience for feedback on their project.

12.20 - 13.20: Lunch and networking

13.20 - 14.05:

Stream A: Thought provoking

You can't manage a crisis on your own
Filip de Wolf FBCI (PwC), Roy Coppieters AMBCI (PwC), Maarten Smulders (PwC)
In today's fast pacing world no organization or company is immune to a crisis. Whether it is a massive product recall, a cyber incident or a blunt fire, in the current context any incident could rapidly escalate to a full blown crisis. Managing the full spectrum of a crisis had become a delicate and complex process.

Any crisis requires a multi-disciplinary response with the CMT as central coordinator. Who are the actors? What is their role? How do we manage them towards a successful crisis response? In our presentation we will look at the evolution of crisis management over the past decades and show you how modern crisis management teams can take the lead in the multi-disciplinary response to a crisis: A collaboration between multiple actors, internal and external, including a few you might not have been expecting…

Stream B: Practical

On track with BCM and resilience at ProRail?
Jean-Pierre van Eekelen CBCI, Corporate Business Continuity Officer, ProRail
ProRail is responsible for the rail infrastructure in the Netherlands which is used by 1.2 million passengers per day and supports 100.000 tons of cargo per day. Given the density of the rail infrastructure, a single disruption can quickly have a large knock-on effect whereby many trains are affected with all the associated consequences. This of course does not escape the media or the effect on the public opinion.

Managing the rail infrastructure involves not just ICT but also many technical systems and civil constructions – these are also susceptible to incidents – some are easy to take care of – repair, replace or use an alternative. It gets more challenging when a section of track or bridge is damaged or there is a power outage. This quickly has an effect for passenger and cargo operators that exploit the rail infrastructure such as the Dutch Railways (NS).

Jean-Pierre will give us some insight into how the continuity is organized and how it is continually improved within ProRail. To give an impression of the scale of the challenges he will first give an overview of ProRail and how BCM is organised. He will also give an overview of current measures and projects that support the continuity in respect to 3 aspects: prevention, minimising the (business) impact and recovery.

In the second part of his presentation, Jean-Pierre will go into more detail about creating a more resilient infrastructure – how can it be designed to minimise the occurrence of disruptions and be easily recovered when something does go wrong? “Continuity by design”. How can this be achieved? Not just expertise but also awareness, management commitment and governance are required.

Stream C: Collaboration

Improving supply chain resilience - risk and continuity
Rob van den Eijnden CBCI (Philips), Erwin Bos MBCI (Philips)
One of the results of the cooperation between the BCI and Society for Risk Management (GvRM) is a workgroup which is examining the benefits of combining BCM and RM in the management of the Supply Chain. The group has been given access to the BCM and RM aspects of Supply Chain Management (SCM) in a number of multinational organisations. Rob van den Eijnden, one of the members of the work group will share the challenges of SCM and the best practices for combining BCM and RM and the benefits of this approach. These best practices can also be applied to smaller organisations.

Erwin Bos will demonstrate how Royal Philips has approached their implementation of BCM in combination with RM.

14.05 - 14.10: Short break

14.10 - 14.55:

Stream A: Thought provoking

How can we plan for Chaos?
Dr Mike Lauder MBE, Alto42 Ltd, Cranfield University (UK)
No one really disputes the need to plan. Plans are seen as one of the key products for both business continuity practitioners and crisis managers. However, as we all know that major incidents normally don’t ‘follow the plan’, the question is, what efforts should be made to plan for what events?

Mike Lauder, independent researcher, writer and lecturer and developer of the concept of "Normal Chaos", discusses how we need to consider the real benefits that can be accrued from the planning process and for planners to recognise the effort wasted within our current processes. He sees the question as being “how can we efficiently produce effective plans?”

Mike will introduce the audience to the concept of "Normal Chaos" and will discuss its implications for crisis and contingency planning.

Stream B: Practical

What is reputation damage actually and how can you predict it?
Ruurd Jansen, Senior Reputation and Brand Analyst, Nederlandse Spoorwegen (Dutch Railways)
When assessing impact that an incident may have we invariably consider reputational damage. How do we measure reputational damage and how can we determine possible damage caused by various incidents? It is much more than ‘negative press’. Ruurd Jansen is Senior Reputation and Brand Analyst at Nederlandse Spoorwegen (Dutch Railways) an organisation that is frequently in the news. Having monitored the reputation of the NS over a longer period Ruurd is able to show the effect that various incidents have had. Based on his analysis he will demonstrate which aspects can predict the possible reputational damage for various incidents. Last but not least Ruurd will share best practices for minimising the reputational impact once an incident has occurred.

Stream C: Collaboration

Dependencies need more attention
Gert Kogenhop, Founder, bcm+
The professional practices of BCM are well established and following them correctly leads to the capability of an organization to recover its critical products and services within an acceptable time in the event of a major disruption. One would think that it is then simple to maintain this capability. Unfortunately the reality is often otherwise as Gert Kogenhop, a BCM consultant and instructor at bcm+ will demonstrate. The issue here is that while during the BCM implementation much effort goes into identifying the critical dependencies and implementing the necessary measures to recover these, unfortunately this care and attention to detail is not always applied to maintaining them or when making changes (to the organization). While these changes are usually made to improve efficiency and/or lower costs, however they often have an adverse effect on the ability to recover from a major disruption. Gert will provide many examples which demonstrate how easily this can go wrong and interact with the participants to explore ways in which BCM (aspects) can be involved in the decision making and change processes to maintain the organization’s resilience.

14.55 - 15.15: Afternoon refreshment break

15.15- 16.15: Keynote: With a little help from my friends

Speaker

Eelco H. Dykstra
What gets in the way of us (collaborating to) improving our organisation’s resilience and what can we do about it? During this dynamic keynote session seasoned emergency and disaster expert, lecturer, public speaker and workshop leader, Eelco Dykstra will help us initially to reinforce the need to improve collaboration to enable resilience in our organisations. This of course is the easy part. It becomes more difficult when trying to understand why we are not collaborating as well as we could be – this is not just within our own organisation but is common across the industry. Eelco will introduce DIEM’s Nine Universal Roadblocks methodology and we will apply it so that we can determine how big a role each ‘roadblock’ plays in our situation and rank them. It will be interesting to see which roadblocks are most significant to us.

Now comes the challenge – what do we do next? How can we solve or avoid the roadblock? After having the opportunity to devise our own answers, Eelco will capture some of the answers (Focused Feedback) from the group after which he will share some of the answers that he has captured by conducting many of these session internationally.

Eelco will keep us on our toes during the whole session by sharing various challenging anecdotes throughout.

After the conference, Eelco will collate the responses and produce a report which will be sent to the participants. The results will also be compared to other sessions that he has conducted which can be seen as a sort of benchmark.

All in all enough information and inspiration to take resilience to the next level in your organisation.

16.15- 16.45: Panel discussion- [To be announced]

16.45 - 17.00: Thanks and closing remarks

17.00 - 18.00: Networking drinks