Bough helps a global technology company implement an effective and a cost-effective revenue assurance program to ensure regulatory compliance and meet audit requirements
Business Continuity and Disaster Recovery reviews
Risk Assessment and Business Impact Analysis
Plan testing and maintenance
Benchmarking and recommending best practices
Define DRBCP governance and execution strategy
Business realties forcing a shift in focus
Our client is a leading media company, headquartered in New York, with revenues of over $3 billion creating, managing, and delivering media content via its broadcast, cable, and digital networks and partnerships.
With offices located all over North America, the company is exposed to a wide variety of threats (both natural and man-made) which had brought the Company’s ability to deliver / broadcast seamless content and continue operations in the event of a disruption or disaster to the fore and under great scrutiny.
The show must go on
Business priorities for a media company are particularly focussed towards creating, managing, and delivering content to its audiences in a seamless manner. Therefore, it was imperative for our client to sufficiently prepare for the continuity of its business following a possible catastrophic event that could disable operations of its Television and Radio broadcast stations and transmission sites.
The client had experienced past business disruptions (being off-air) that proved to be costly with many direct and indirect consequences – lost revenue, damage to corporate reputation and reduced customer satisfaction. Almost the entire revenue model for our client was dependent on playing out commercial content; and adequate measures needed to be implemented to protect its critical resources supporting the revenue stream to accommodate both short and long-term outages of is broadcast stations / transmission sites.
Therefore, management recognized the importance of conducting a DRBCP review, and called upon Bough to assess the Company’s preparedness in dealing with business disruptions and instituting an effective organization wide DRBCP governance strategy.
Solution
Through our review procedures we evaluated the existence, adequacy, and appropriateness of the DRBCP documentation covering the planning, execution and maintenance process within the Company and assessed the organization’s ability to maintain, resume and recover operations after disruptions ranging from minor outages to full-scale disasters, both, at the enterprise and at the business segment level.
Broadly, our review revolved around the following themes:
Appropriateness of Business Continuity and Disaster Recovery Plans: Review the existence and adequacy of enterprise-wide and business segment DRBCP plans and procedures
Oversight and Support: Assess the quality of oversight provided by the Company’s executive leadership
DRBCP focused Risk Assessments and Business Impact Analysis (BIA): Determine whether adequate DRBCP focussed business impact analysis (BIA) and risk assessments have been completed
DRBCP Testing and Plan Maintenance: Assess whether periodic testing / reviews are performed to ensure that business operations will be maintained, resumed and / or recovered as intended in the event of a disruption or disaster
Backup and Recovery: Determine whether plans include appropriate hardware, data and application software backup and recovery plans / procedures
Security Procedures: Determine whether plans include security procedures covering the existence and adequacy of information security, physical security and access controls over data backups, networks, systems, alternate sites, and facilities
Critical Outsourced Activities and Vendor Relationships: Determine whether critical outsourced activities and vendor relationships are sufficiently covered, and SLAs defined to ensure adherence to defined standards and restoration timelines
Results
Through our meticulous panning and fieldwork Bough delivered a highly successful project, meeting all targets for delivery and budget. Not only did we identify improvement opportunities to enhance existing processes, but also encourage stronger and more effective collaboration across the organization.
Highlights include:
Bough benchmarked the organizations current state of the program with respect to the ISO and NIST standards, identified opportunities for improvement and provided recommendations to enhance the effectiveness of the enterprise wide DRBCP
We learned that the company lacked direct authority and management oversight over the program, which hindered the company’s ability to drive change and implement best practices across functions. To alleviate this problem, Bough worked with the client to set-up a cross-functional DRBCP steering committee to allow for a top-down managed enterprise-wide DRBCP and provide the much-needed leadership for a centralized governance framework
Comprehensive, well-communicated, and regularly monitored procedures related to governance also helped the client to realize optimal levels of program engagement and coordination, and achieve clarity on employee roles, responsibilities, and reporting requirements; all contributing to an effective program implementation
By recommending the performance of a comprehensive business impact analysis (BIA) and risk assessment (RA), management was able to adopt a risk-based approach to drive prioritization of DRBCP efforts across the enterprise and efficiently utilize limited resources by focusing on the mission critical functions of the Company.
Through our reviews we learned that the client predominantly focused on events rather than on the results of those events. Through our recommendations we were able to shift the mindset of the senior leadership to focus on the outcome of an event (e.g., facilities destroyed, resources lost), rather than the type of event (e.g., flood, hurricane), to determine severity of the situation, ensuring effective monitoring and response to disruptions and contributing to better strategic decision making
