BCI Summit Australasia 2017 Conference and Exhibition

SMC Conference & Function Centre

Sydney NSW

4th – 5th May 2017

bcisummit.com.au

Presented by

Major Sponsors

-Building Resilience-

BCI Summit Australasia 2017

Thursday 4th May 2017 DAY 1 Note: Program subject to change

8:30 Registration

9:00 Welcome from the President & Chair, BCI Australasian Chapter

9:10 Opening remarks from the Summit Chairperson

9:20 Keynote – Cyber Breach & Threats and the Mandatory Data Breach Notification Legislation Leonard Kleinman

10:00 Changing Trends in Workplace Recovery - Diamond Sponsor Mitesh Shah, Regus Workplace Recovery

10:30 Morning Break & Networking

STREAM 1 BCM & Resilience Practice

STREAM 2 CYBER, Technology and Thought Leadership in

Resilience & BCM STREAM 3

Personal Development & Advanced Methodology

11:00 Do you want to build a snowman? - A theoretical framework for Supply Chain Continuity

Dale Cochrane - NAB

A Case study: Cyber risks and how they can happen Juan Arias - Deloitte

Interactive workshop

Challenges in Meeting Stakeholder expectations Paul Trebilcock - JBTGlobal

11:35 Implementing a business continuity plan – working with emergency services David Campbell - CFS

Defending your data against everyday Cyber Fraud

Eduardo Perez - Interactive

12:10 Key Business Continuity Trends in 2017/2018

Matt Chantrell - ReadiNow

A Better Way to Tackle the Cancer of the Digital Age Andrew Bycroft – The Security Artist

Building Engagement in Direct and Non-direct Reports Jenny Pryor - Macquarie University

12:45 Lunch

1:45 The Future of Business Continuity Cathy Cyphus - PWC

Interactive Workshop Embedding Cyber Security into your BCM Program Trent Clouston - RiskLogic

Interactive Workshop Professional Development & Enhanced Skills Ken Simpson – VR Group

2:55 A Climate for Change: Business Continuity in a Changing Climate Ben Scheltus – Climate Alliance

The Risk Revolution – Cyber: the fast-moving target Fergus Brooks - AON

How do we do BC in continuous change? Eoin Higgins – Pfizer Australia

3:30 Afternoon Break & Networking

4:00 Enhancing Your Leadership Team’s BC Capabilities Through Technology - Platinum Sponsor Simon Petie, RiskLogic

4:30 BCI Australasia Developed Organisational Resilience Tool – Exclusive World First Release! Peter Brouggy Hon FBCI & 2020 ThinkTank

5:15 Day 1 Wrap – Closing remarks from the Summit Chair

5:25 Day 1 Close

5:30 Drinks and Canapés Networking Session Sponsored by

7:00 Conference Dinner

Diamond Sponsor

BCI Summit Australasia 2017

Friday 5th May 2017 DAY 2 Note: Program subject to change

8:30 Registration

9:00 Welcome from the Summit Chairperson and outline of Day 2 events

9:20 Keynote – Human responses to threat and uncertainty, and how to help Dr Sarb Johal

10:00 Another Important Trilogy - Bringing together your Resilience, Cyber and Privacy Programs - Diamond Sponsor Sam O’Brien, RSA

10:30 Morning Break & Networking

STREAM 1 BCM & Resilience Practice

STREAM 2 CYBER, Technology and Thought Leadership in

Resilience & BCM STREAM 3

Personal Development & Advanced Methodology

11:00 Interactive workshop

Developing BC Exercises – An Interactive Case Study on how to begin from an empty page Eric Sidoti - Datacom NZ

Managing Sustainable Resilience in a Large Organization – Key Success Factors Ian Wall – Worley Parsons Interactive workshop

Facilitation; A specialist skill Grahame White / Dan Ruming – Fulcrum Risk

12:10 Case study presentation – the state-wide power outage in South Australia that ‘would never happen’ Leanne Adams - SA SES

The nexus between business continuity, compliance and risk Carolyn Hanson - President GRCI

12:45 Lunch

1:45 Multi Presentation & panel discussion; November 2016 - The Wellington story Glen Redstall and Team

Standards on the Horizon Saul Midler FBCI - Linus Consulting

Strategic Enablers for Sustainable Resilience Bob Walker - Deloitte

2:20 Building a Cyber Start-up – tips for young players Tim Rippon - elasticus

Personal Resilience - From Neuroscience to Business Relevance Jurie Rossouw – Rforce

2:50 Afternoon Break & Networking

3:20 Academic Evidence, Business Insights and New Thinking on Organisational Resilience - Platinum Sponsor Chris Meehan – BSI

3:50 Organisational Resilience is more than Business Continuity – Bringing it all together Dr John Vargo – Resilient Organisations, Canterbury University

4:20 The BCI: A New Resilient Direction - David Thorp, Executive Director The Business Continuity Institute

4:50 Prize Draws and Day 2 Wrap – Closing remarks from the Summit Chair

5:15 Conference Close

Diamond Sponsor

About the Summit

The 2017 BCI Summit Australasia Business Continuity & Resilience Conference & Exhibition theme focuses on the building blocks of Resilience – encompassing real world wisdom, thought provoking comment and case studies.

Presentations will focus on the “top risks” exposed in the 2017 BCI Horizon Scan report, the world’s number one report on

what you, the practitioner, the professional and senior business leaders see as “concerning”. Understanding the threats and

the building blocks that, together, will help us manage those threats, will truly help us in Building Resilience. It will cover

both cyber and non-cyber risks, and is guaranteed to appeal to a diverse audience of all experience levels.

Leonard Kleinman Chief Cyber Security Advisor – Asia Pacific Japan RSA

Len Kleinman is the Chief Cyber Security Advisor for RSA APJ. He has over 25 years of experience in the information technology industry, with an early focus on Oracle CASE, network operations and database administration. His current focus is to work with executives and business stakeholders to make security a strategic priority that translates into business value.

For the last 14 years, Len has worked in senior roles in IT security at the Australian Tax Office, including governance and risk, compliance, and IT Security Advisor roles. Len is the current Branch Executive for the Canberra chapter of the Australian Information Security Association (AISA), a member of the Global Digital Infrastructure Alliance, and sits on The Harvard Group Advisory Council. He has qualifications in Information Systems, Management, Tax Administration Law and Risk Management. A security technology community activist, he is involved in and supports several cyber security and technology organisations and regularly speaks at security events.

Cyber Breach & Threats and the Mandatory Data Breach Notification Legislation The impact of globalisation on Australian businesses and security is not a new development, but one that has accelerated enormously in the last decade. Organisations are looking to remain competitive and relevant; this means greater adoption of new and emerging technology. However, the more that organisations embrace technology, the greater the operational complexity and risk to business. Within this globalised environment, users are borderless. Technology and the Internet has given us new ways to reach out and connect with our audience. Organisations can interact and engage 24/7, regardless of geographical boundaries and time-zones. However it has also given rise to the heightened risk that cyber activity poses to organisations, be they public or private, and across all industries. The cyber threat environment is complex and dynamic, giving rise to the concept of “Business Driven Security”. Securing your business and assets, is important. But recognising that cyber incidents will happen and having the foresight to plan for it will determine which businesses survive & thrive and which will not.

Dale Cochrane DBCI National Australia Bank

Dale has worked in the financial services industry for the past 23 years and the not-for-profit sector for the last 4 years. Providing Business Continuity, Incident and Crisis Management expertise at NAB since 2014, he specialises in Supply Chain Continuity Management for NAB and Business Continuity Management for the not-for-profit sector. Dale has been a finalist for the past 3 years in the BCI Australasia Awards and he has recently been nominated as a finalist in the Asia-Pacific StrategicRISK Risk Management Awards 2017 - Best Business Continuity Approach.

Do you want to build a snowman? A theoretical framework for Supply Chain Continuity The supply chain continuity framework expands on NAB BCM policy on establishing appropriate levels of continuity management within NAB’s supply chain, along with NAB Outsourcing and Procurement Policy. Supply chain management considers the full range of activities concerned with purchase and provision of supplies or services as a part of business-as-usual. The scope of this presentation considers the issues faced by NAB which needs continuity of supply of products and services to protect its critical business activities or processes, and the strategies which can be used to mitigate the impact of disruption in the supply chain; this is SCCM. SCCM depends upon the business impact analysis (BIA) to identify critical business activities and processes and the suppliers who are involved in these.

Mitesh Shah CBCI Director Workplace Recovery, APAC Regus

Mitesh Shah is currently the Director - Workplace Recovery for APAC Region in Regus where his role is to engage with clients to provide pragmatic cost effective recovery site solutions. His prior stint as a Risk Management professional assists him to propose solutions to clients based on their risk profile & appetite. He has shared his thoughts & experiences on Workplace Recovery at various forums including Asia Risk & Resilience Conference, BCI India Conference, World Continuity Congress. He has also worked as a Business Continuity/Disaster Recovery and Information Security Consultant & Trainer in the Asia Region and implemented projects for multiple MNC’s. He has consulted to companies like Nokia, Changi Airport Group, M1 Telecom amongst others for BC & InfoSecurity. Mitesh Shah has completed his MBA in Information Systems & Security and has certifications such as CBCI from BCI, CISA & CISM from ISACA, ISO 27001 Lead Auditor from BSI and PMC from SBACC

Changing Trends in Workplace Recovery With the changing threat environment, organizations are now looking for Workplace Recovery solutions that take into EMPLOYEE NEEDS. Lessons learnt from the recent past, have made organizations think for AREA WIDE CRISIS scenarios where multiple locations are affected. Learn how successfully organizations have weathered crisis situations with PRAGMATIC solutions that offer GUARANTEED recovery within cost effective means.

Juan Pablo Arias Manager, Cyber Risk Advisory Deloitte Australia

Juan is a Manager in the Deloitte Cyber Risk Advisory practice, and has over 8 years of experience in cyber security. His experience includes security consulting across Government and the private sector in a variety of countries. Juan has led projects related to application and network security testing, cyber threat monitoring, disaster recovery, security incident response, network and application architecture reviews and platform configuration hardening.

Juan has participated in a number of information security projects, helping clients from different countries in designing and implementing information security programs to meet business requirements and build resilience against cyber threats.

Case study: Cyber incidents and how they can occur Hacked devices, crashed websites, breached networks, denials of service, copied emails, stolen credit card data, and other cyber incidents have become commonplace. Cyber-attacks are carried against organisations across the globe on a daily basis and, while not all of these attacks succeed, the high probability of cyber incidents dictates that every organization needs to be prepared to respond effectively. During this presentation, Juan will talk about the importance of cyber resilience and demonstrate a real world cyber security incident scenario. This case study will show attendants how an organisation could be compromised via seemly innocuous activities, such as plugging a USB thumb drive or clicking on an email link.

Paul Trebilcock OAM FBCI Director JBTGlobal

Paul is a founding Director of JBTGlobal, a global corporate advisory consultancy. He is a Fellow of the BCI and he has more than 30 years’ experience in the industry. He has been a Member of the Australasian Board of Directors since 2013. Paul is a recipient of the Order of Australia for his meritorious service, particularly in the areas of planning and conduct of counter-terrorist operations and training, and he has also received a number of industry awards including the Global and Australasian Continuity and Resilience Consultant of the Year in 2016.

Challenges for BC & Resilience Practitioners Meeting Stakeholder Expectations The business environment in which we operate is becoming increasingly complex. The global terrorist threat, the development of new technology, the changing political landscape and extreme weather events, are all providing unprecedented new challenges. Presentation Objectives: Based on more than 30 year’s experience in the profession, this presentation will provide an overview of the ongoing challenges that BC and resilience practitioners encounter meeting stakeholder expectations, particularly those of the Executive and senior management. It will include a selection of relevant case study examples of the challenges personally faced during various engagements with small medium enterprises through to large multi-national corporations operating in the Australasian region. The presentation will conclude with an interactive and participative open forum discussion that will further explore the issue of ‘stakeholder expectations’ and provide an opportunity for delegates to share their own ideas and experiences.

David Campbell SA Country Fire Services

Mr David Campbell has been working in the emergency services sector in South Australia for over 14 years. He is currently working for the SA Country Fire Service in developing emergency and incident management capability which includes specialising in exercise management. He also performs a range of operational emergency response roles. David also facilitates an online course in Business Continuity Management as part of the Master of Project Management delivered by the University of South Australia and offered through Open Universities. David is a member of the International Association of Emergency Managers, is a Certified Emergency Manager as well as an Affiliate member of The Business Continuity Institute.

Implementing a business continuity plan – working with emergency services At least five (5) of the ten (10) threats identified in the BCI 2016 Horizon Scan are most likely to involve in some way Government intervention and or direct response from Police and Emergency Services. To what extent does the successful implementation of a BCP rely on the actions of emergency services during a major disaster? Does the plan still stack up if we are no longer in control of what happens next? The BCI Good Practice Guide (2013, p.84), outlines that staff with an appropriate level of experience and authority should be appointed to liaise with the emergency services. This presentation will explore how an organisation can better prepare for working with emergency services when those services may take actions that limit a plan’s effectiveness

Eduardo Perez Head of Cyber Security Interactive

Eduardo Perez is the Head of Cyber Security at Interactive Pty Ltd, Australia’s largest privately-owned IT company. He has had a distinguished career spanning more than 20 years in IT across global organisations including JPMorgan and IBM where his expertise was utilised in the areas of computer security, cybercrime, critical infrastructure protection and business risks related to cyber security.

Having played a key role in OzEmail’s internet account fraud and email abuse investigations team in the 90’s, Eduardo has brought across his breadth of experience to Interactive by developing their cyber security strategy and managed security services roadmap

Defending your data against everyday cyber fraud Eduardo’s key points will be: • Australian Cyber Fraud Statistics • Cyber Fraud – Social Media + Email • Malware attacks

Developing a strategy to manage and minimise risk.

Matt Chantrell GRC Specialist ReadiNow

Matt is a Governance, Risk and Compliance (GRC) Specialist who works closely with organisations to understand their goals and challenges, and help define effective strategies to take their GRC programs to the next level.

Matt has worked in Australia and the UK with industries including Financial Services, Government, Media, Telecommunications and e-Commerce. Matt has sales and delivery services experience spanning 8 years in a range of GRC disciplines including IT and Operational Risk, from working with companies like RSA Archer and IBM.

Matt uses his experience to deliver best practice and practical advice to his customers and aims to help organisations eliminate barriers to GRC success by promoting efficiency, collaboration and visibility at every step.

Key Business Continuity Trends in 2017/2018 • With silos becoming outdated, especially with company growth, you’ll hear how

revisions to BCM strategies will show the benefits of integrating technology to help develop a clear, crisp and ergonomic BC approach.

• You’ll hear how businesses are obtaining the support of stakeholders to invest in an integrated and holistic approach to their risk management as a whole to ditch their traditional manual processes for Business Continuity and adapt to cloud and technology based frameworks that support their BCM with ease and efficiency.

• Companies will be concentrating on supply chain resiliency and building disaster recovery training

• Immediate cost savings, visibility, control and integration are a part of the future to help significantly reduce risks.

Andrew Bycroft The Security Artist

With more than two decades of experience, Andrew has provided expert advice on combating cyber crime to some of the most respected brands throughout the Asia-Pacific region. In that time, Andrew has recognised that, irrespective of the size of the organisation, the same principles apply for protecting an organisation from cyber crime and enabling it to thrive in the face of adversity.

An advocate for a means of reducing the cost of impact and cost of solving the growing cybercrime epidemic, Andrew is the pioneer of a new but proven methodology known as the Cyber Resilience Battle Plan®.

Regarded as a global thought leader on the rapidly changing future of cyber crime, Andrew is also highly sought after as a public speaker; a facilitator for, and member of, the Australian Institute of Company Directors; a member of the Risk Management Institute of Australasia; member of the Australian Information Security Association; and a member of the Information Security Audit and Controls Association. Andrew is the author of the book "The Cyber Intelligent Executive" a co-author of the upcoming book "Adapt or Die" and has also been asked by the Australian Institute of Company Directors to write a book titled "The Cyber Intelligent Director".

A better way to tackle the cancer of the digital age Did you know that cyber crime is projected to rise to a $6 trillion problem, globally, by 2025 up from an already astounding $450 billion in 2015? Did you know that the companies we entrust to keep our money safe; provide us with clean water and energy; and keep us alive and well are < 40% prepared for cyber crime? Did you know that the reason cyber crime has reached epidemic proportions and can be thought of as the cancer of the digital age is because we have mistakenly adopted the belief that cyber security is the solution? Wait a minute, what was that last one? If cyber security is not the answer, then why are we doing it? And if it is not the answer, then what is the answer? In this presentation, you will receive a practical guide to making a serious dent in the cyber crime problem with powerful ideas that you can take away and put into action to: • Quantify the cost of cyber crime to your organisation • Communicate the seriousness of the problem to the executives and board of directors

in language they understand • Get increased budget to combat cyber crime • Make the entry barrier for cyber criminals several magnitudes of order more difficult • Replace cyber security with a better weapon for combating cyber crime.

BCI Summit Australasia 2017 - B U I L D I N G R E S I L I E N C E -

Jenny Pryor HR Consultant & Lecturer Macquarie University

Jenny Pryor has 15 years’ experience in corporate Human Resources roles. Her areas of expertise include recruitment, leadership development, organisational design, learning and development and performance management.

She most recently worked at General Electric, as the HR Director for their financial services business. Prior to that, Jenny worked for Toshiba, setting up the internal recruitment team and Goldman Sachs in London in an internal recruitment capacity.

Jenny currently consults to organisations on a range of HR issues and facilitates workshops at conferences around leadership, retention and performance management.

Jenny also lectures in Human Resources at Macquarie University and tutors in the Business school at the University of New South Wales. She has also run her own small business, and so has experience in managing human resource issues in both corporate and small business environments.

Building engagement in direct and non-direct reports This workshop unpacks the issue of employee engagement. We focus on two types of employees – those who are direct reports and those who we need to influence, but who report into a different part of the business. Participants will learn proactive retention techniques, including how to have conversations with your most valuable employees to learn about their likes and frustrations at work to ensure you keep them long term. We will also explore specific strategies for building engagement, including career coaching and rewards and recognition.

Cathy Cyphus Senior Consultant PwC Consulting

As a Senior Consultant in the Risk Consulting practice Cathy specialises in risk and resilience across a range of industries and sectors including health, charities, public sector and financial services. Cathy’s brings her prior experience in leading organisations in Australia and the UK across building crisis management capabilities. She has experience in business continuity, crisis leadership and crisis management, strategic resilience, enterprise security, enterprise risk management.

The future of Business Continuity This session will present the results and trends from the recent PWC & BCI whitepaper and survey, featuring a panel session and discussion: • Introductions • The Global Report • Australia and Resilience • The Resilience Gap • The Prevention Case • The Global Crisis Centre

Trent Clouston AMBCI Senior Manager, Resilience Services RiskLogic

Trent has delivered presentations to Senior Executives across Government and Non-Government organisations in relation to Business Continuity, Crisis Management and Incident Management. He is currently the Lead Project Manager for Cyber Security Projects at RiskLogic. He is practiced in all aspects of the business continuity lifecycle, from policy development, business impact assessments, strategy development, business continuity plan development and implementation and facilitation of business continuity training and scenario exercises. Trent has been actively engaged within the NSW Police Force identifying improvement within the current management of their BC program.

He has over 20 years' emergency management experience gained primarily within the NSW Police Force. He has worked in metropolitan and remote locations and was an Academic Associate at Charles Sturt University while training first response police in Operational Safety and Tactics. He is experienced in writing, delivering and evaluating state level, multiagency exercises which has enhanced his capability to ensure exercises are contemporary and realistic across all levels of response and coordination. Trent has been deployed to represent the NSW State Emergency Operations Controller (SEOCON) during various operations including, bushfires, severe weather events and other incidents.

Embedding Cyber Security into your BCM Program Interactive Workshop Objectives: • Enhance the delegates understanding of the Cyber Threat Environment. • Discuss challenges in incorporating Cyber Security into the BCM Lifecycle. • Discuss how to Embed Cyber Security into BCM of programs.

The session will be separated into three interactive / activity based discussions with key questions being directed towards each group. As the session progresses, it will focus on the following areas; • Cyber Threats (What are they, challenges faced) • Actual events which have occurred in Australia (Bureau of Meteorology, Transport

NSW) • Embedding Cyber Security into BCM Programs.

Trent will guide the discussion and link back to a case study. This case study provides insights into a recent project undertaken to assess, develop, implement and embed Cyber Security into the client's existing Business Continuity Program.

Ken Simpson FBCI VR Group

Ken Simpson has 30+ years experience as a manager and leader in both public and private sector organisations. During that time he has led internal Risk, DR and BCM teams, held Executives roles as CIO and CTO and led recovery operations following a major incident.

He is a Fellow of the Business Continuity Institute and holds a range of academic and professional qualification including a BA (Social Sciences), an MBA and is a Certified Organizational Resilience Professional by ICOR.

He is currently an independent management consultant and an active podcaster, blogger, author and speaker about risk, Business Continuity and resilience.

Professional Development & Enhanced Skills Professional Development means developing a wider range of skills, preparing yourself to move into the broader management profession. One key skill is the ability to market and sell yourself and your message. The immediate benefit is you can just use this skill to gain more resources or engagement for your BC program if you want.

This session will offer a method to quickly improve your ability to present, using techniques that are easy to adapt and practice. You will hear from first time presenters telling their story after being coached in this method and share their experience of preparing to present.

Ben Scheltus CEO, Climate Alliance Limited

Ben has a background in IT, business continuity and climate change. His experience is grounded in the chemical, information technology and not for profit industries in Europe and Australia.

Ben has a long-standing interest in the environment – in particular energy systems and more efficient methods of generating power. In 2009, Ben established a not for profit company (Climate Alliance Limited) that helps company directors more easily inform themselves about the risks and opportunities presented by climate change.

Ben is also currently the Business Continuity Manager at KPMG and is responsible for the operation of their BC Program in Australia. He holds a Bachelor of Engineering degree from Monash University and holds a CBCP (DRII).

A Climate for Change: Business continuity in a changing climate. Ben will address the challenges business owners face from climate change. He will consider the business continuity risks they face and address some mitigation strategies adopted by businesses overseas. He will discuss sea-level rise impact on businesses, supply chain issues and the outlook of energy security in Australia. He will also address the fiduciary responsibilities of company directors in light of the risks posed by climate change and provide an overview of developments in the area of improved reporting and management.

Fergus Brooks National Practice Leader, Cyber Risk Aon Risk Solutions

With more than 20 years commercial and consulting experience in the information, communications and technology (ICT) sector, I have a deep understanding of how cyber risk issues arise, and how best to mitigate them. My background includes consulting, solution architecture and sales with organisations whose clients have included some of the world’s largest customers of high-end network and computing solutions. In my role as National Practice Leader for Cyber Risk at Aon, I work with the Financial Specialties team to help clients identify their cyber risk exposures and secure their ICT infrastructure. In many cases, this risk can be largely mitigated through the deployment of various technologies, the implementation of processes or the hiring of specialist IT security personnel. I believe that with cyber risk being an enterprise-wide concern — and one that has significant impacts at the board level — it’s important to be able to communicate the core issues with clarity. For this reason, my approach is to use ‘normal’ language rather than tech jargon, so everyone can understand the rationale and total impacts of a proposed solution. As a passionate cyber security ‘evangelist’ my goal is to demystify technology ensuring that the magnitude of a problem is articulated clearly.

The Risk Revolution – Cyber: the fast-moving target Developing solutions to help organisation secure their IT infrastructures and mitigate their cyber risk vulnerabilities • Cyber fun facts, outlining some lesser known facts regarding cyber risk • 2017 Cyber top 5 exposure trends • Cyber liability, 10 top facts • Building resiliency against cyber risks • Case studies • New mandatory data breach notification laws • The importance of Cyber incident response planning

Eoin Higgins Business Operations Manager Pfizer Australia

Eoin Higgins is a Business Operations Manager at the Sydney based manufacturing operations of Pfizer Australia. With responsibilities for strategy, cultural engagement, communication, & leadership development, Eoin plays a crucial role in supporting the manufacturing operation through a major change initiative that will see the entire plant cease operations.

Eoin is passionate about the theory & practice of organisational development & change. He recently completed a Graduate Diploma in Management with the University of New England and has now embarked on a Master of Research with the Macquarie Graduate School of Management.

Eoin has a keen interest in the role that group facilitation work can play in supporting organisations create their own map to navigate change. He is a co-convener of the volunteer based facilitation community of practice, The Sydney Facilitators Network (SFN). Eoin offers pro-bono facilitation support when he can, most recently helping the not-for-profit Macarthur Legal Centre to develop a strategic plan.

How do we do BC in continuous change?

When the normal business mode is continuous change in multiple iterations, how do you manage your people and processes without them disengaging? Eoin will consider models of change, and what he has learned in developing resilience and adaptability to constant change as an operations leader in a fast changing environment. It will consider how this applies to all aspects of business and include consideration of how business continuity can engage, lead and assist the ‘new normal’ of continuous change environments.

Simon Petie Senior Manager Brisbane RiskLogic

Simon is a Senior Manager with the RiskLogic Business Continuity practice and has worked in the Crisis and Incident Management field for over 15 years. Before joining RiskLogic, Simon was previously with the Department of Defence and has practical experience in management training and decision making under time pressure. Simon is responsible for the management and implementation of numerous business continuity and crisis management projects across multiple industries in Australia. He is practiced in all aspects of the business continuity lifecycle and implementation and facilitation of business continuity training and scenario exercises. Simon brings strong business strategy, workshop facilitation, project management and analytical problem solving skills with a genuine enthusiasm to prepare and develop an organisations continuity planning.

Enhancing Your Leadership Teams Business Continuity Capabilities Through Technology To state that Business Continuity Teams (BC Teams) are under increased pressure today to perform is an understatement. With the current environmental threats combined with the pressures of a 24/7 media cycle, BC Teams are required to make quick accurate assessments of incomplete information. Then, make timely decisions and take action- often separated from their ‘Business as Usual’ management structure by the tyranny of distance. Simon will discuss how technology may not only support BC Teams, but enhance their ability to assess, respond and communicate in a disruption.

BCI Summit Australasia 2017 - B U I L D I N G R E S I L I E N C E -

Peter Brouggy Hon. FBCI Chair BCI Australasia 2020 Think tank

Peter Brouggy Hon. FBCI has been actively involved in the development of organizational resilience intellectual property and resilience tools for over 10 years. In 2014 Peter was the recipient of the Australasia BCI Personality of the Year Award, and in 2015 he received an Honorary Fellowship of the BCI in recognition of his contribution to the profession. In 2016, Peter accepted the Chair of the BCI Australasian 2020 Think Tank where he convenes regular sessions with experienced and emerging thought leaders to review, discuss and develop assets and tools for the benefit of BC and Resilience practitioners.

BCI Australasia Developed Organisational Resilience Tool Exclusive World First Release! Over the past 15 months, Peter, as Chair of the Australasian 2020 Think Tank, has led a group of dedicated senior practitioners and professionals from the Business Continuity and Resilience profession across Australia and New Zealand in developing a tool to assist in both the understanding of Organisational Resilience and the implementation of it.

The first prototype was presented at the 2016 Summit, and a preliminary global review was conducted at BCIWorld in London in November 2016, where the concept was lauded with much excitement.

Since then, the tool has changed significantly and progressed through several iterations.

It is now ready! Developed predominantly by members for members, this tool will be freely available for all BCI Members.

Sarb Johal Associate Professor in Disaster Mental Health at Massey University, NZ

Sarb is a qualified clinical and health psychologist, and holds current valid registrations in both NZ and the UK as well as two doctoral level degrees. He is very experienced in consulting in sensitive work environments, but is courageous in delivering straight talk where it’s needed. He has worked in Government, clinical, academic, NGO and commercial settings delivering professional services for over 27 years. Sarb also has a qualification in Management Consulting from the National School of Government in the UK. Sarb holds an academic appointment as Associate Professor in Disaster Mental Health at Massey University in Wellington New Zealand. He has published numerous peer-reviewed research articles and book chapters, as well as contributing to mainstream media debate in newspapers, magazines and his blog. As well as writing and presenting his own show on BBC World Service, Sarb is a regular contributor to Radio New Zealand's parenting slot, other NZ Radio stations and BBC World News TV. Sarb also MC'd TEDx Wellington 2014 and 2016 and has been re-engaged for 2017.

Human responses to threat and uncertainty, and how to help Includes brief scan of UK Govt Risk Register of civil emergencies, and US Dept of Homeland Security Strategic National Risk Assessment. No matter what the threat or uncertainty, these have real impacts upon citizens and residents, including your business / organisation. What are the consequences of increasing ‘low frequency, high impact events’, with reference to how we can usually get on with life in a resilient manner until we are reminded about how fragile our everyday existence can be, repeatedly over a short period of time. If this happens, we can lose trust that life is generally benign and will work out ok. We lose trust in institutions that are supposed to protect us, in nature, and in our sense of security in our homes What does this loss of trust look like? And what can we do about re-establishing trust, and guiding ourselves and those who we care about to recover.

Sam O’Brien GRC Business Lead Asia Pac & Japan RSA

Sam O’Brien is RSA’s Governance, Risk & Compliance Business Leader for Asia Pacific & Japan. With over 13 years’ experience spanning practitioner, consultant, and pre-sales in a range of GRC domains – including Risk Management, Compliance and Information Security, Sam’s team works closely with companies around the region to understand their GRC challenges and goals, and to design and deliver solutions that can take their GRC capabilities to the next level.

Another Important Trilogy - Bringing together your Resilience, Cyber & Privacy Programs With Notifiable Data Breach laws and General Data Protection Regulation driving change in corporate Cyber and Privacy programmes, they have joined ‘resilience’ as top management and even board-level discussions. At this session, RSA aims to explore some of the fundamentals, challenges and business outcomes of integrating your Resilience, Cyber and Privacy programmes.

Eric Sidoti AMBCI Technical Problem Manager, Datacom

Eric is currently employed as a Technical Problem Manager for Datacom New Zealand. Parallel to all of this he has continued his musical profession as well, becoming a renowned choral conductor and arranger. Eric began his journey into the realms of business continuity only in the last 6 years, nearly 20 years after beginning working in the ICT field. He was at the time employed as Infrastructure Manager at The Open Polytechnic of New Zealand, and was tasked with the complete rebuilding of the data centre, including DR. As an offshoot of this it was discovered that Business Continuity processes were merely scraps of paper with no substance, and he was then further asked to develop a robust and living process for the institution. This led to his achieving his AMBCI and eventually joining the Wellington BCI Committee as an active contributing member

Developing BC Exercises – An Interactive Case Study on how to begin from an empty page How does one start up a business continuity exercise regime from scratch? This interactive presentation will highlight the experiences of two practitioners in Wellington, one experienced and the other a novice, who successfully worked through this process. The story of how this started, where it developed into, and challenging questions for the audience to ponder will make this highly interactive session useful for both the newcomer and the experienced professional.

Ian Wall MBCI Group Business Resilience Director WorleyParsons

After an earlier career as a commercial lawyer, I have spent the past 20 years working in various capacities in the risk and resilience field. In the post-911 environment, I managed a national consulting practice focussed on development and implementation of resilience frameworks for critical infrastructure and major hazard industry owners and operators and associated regulatory bodies. For the past 12 years I have operated as the Group Business Resilience Director for WorleyParsons, a global engineering services business with operations in more than 50 countries. In this role, I manage a team of talented practitioners working to ensure that the company’s global business resilience process – Ready Response & Recovery (R3) is effectively implemented across all company offices and major work projects and in support of a very diverse and mobile workforce.

Managing Sustainable Resilience in a Large Organization – Key Success Factors Ten years ago I was given the challenge to build an organizational resilience system for an ever-changing, complex multinational company – and then asked to implement it globally and be responsible for its ongoing effective application. Today that system is a widely applied, fundamental everyday process of the business, used to help navigate challenging waters and stabilize choppy seas.

The presentation will address how the system was conceived, developed, implemented and most importantly, is sustained. Drawing on practical examples, it will highlight how various challenges were addressed, momentum built and success realized. From this a list of key success factors will be highlighted that may be applicable for use in a range of organization types and sizes.

Dan Ruming Director

Grahame White Snr Consultant Fulcrum Risk Services

Dan is a specialist in the development and delivery of crisis and emergency management training, exercises and programs. He has been involved in the resolution of a range of real-time emergency and crisis management events as a result of having 36 years in Law Enforcement. During that time he worked, state-wide, nationally and internationally whilst holding significant command positions in criminal investigation, high risk policing, emergency management and counter-terrorism. This included the management and delivery of complex exercises. For the past 13 years he has developed Incident and Emergency Management Plans, training and specialist programs to support clients across a wide variety of industries and environments in Australia, New Zealand and Asia. He has also provided crisis management consulting services to senior management teams of organisations from a range of industry sectors, including Banking & Finance, Retail, Government and Communications.

Grahame is a specialist in the development and delivery of crisis management training exercises, workshops and programs. Grahame has developed a wide range of Incident and Emergency Management Plans, simulation exercises, multi-agency exercises and specialist training programs for clients in Australia & NZ. He has also facilitated critical incident simulations and role-based scenario training for public and private sector organisation, and has co-presented crisis management training courses. For 25 years prior to joining Fulcrum Risk, Grahame was involved in training and implementation of hostage negotiation and critical incident response in Law Enforcement at a state and national level. Grahame holds a Graduate Certificate in Alternative Dispute Resolution (Distinction) from UTS and a Graduate Diploma in Police Negotiation

Facilitation – a specialist skill Many of us have done them. Some have run a full-on Crisis Exercise. Most have probably done some form of desktop walkthrough. Designing and preparing a good exercise that truly tests the people, the situation, the plans and the capability and provides positive outcomes in a non-threatening environment is in itself an enormous task that takes great skill and effort. But how often have we seen what could have been a great exercise turn out just good, or even a bit ho hum? What was missing? Why didn’t everything go to plan? Why did that idiot at the end have to be so aggressive and disruptive? As we know, having the plans is the first requirement of successful recovery and capability. But it is how these plans are enacted that can really make a difference. Facilitation is a skill in itself, and one that is often overlooked. In this interactive session, Dan and Graham will show us the special skills used by successful facilitators. How to tame the disruptors, how to successfully use injects – and when, how to manage the flow and kickstart the energy when things go flat and slow down. They’ll look at the dynamics of people, and the different ways different people act in an exercise setting – the egotist, the show off, the wall flower, the detractor and the obstructionist Learn how to deal with the ever changing circumstances of a real world exercise, and how to make your next exercise really great!

Leanne Adams SA State Emergency Services

Leanne Adams is the Manager of Policy and Projects at the SA State Emergency Service (SASES). Her role includes responsibility for the SASES flood team, emergency management, doctrine and policy, and projects. She was seconded to the review team, and co-authored the report, into the extreme weather event which occurred in South Australia 28 September – 5 October 2016. Leanne spent 18 years with the SA Country Fire Service (CFS) in a variety of positions including Manager Standards of Fire and Emergency Cover, Incident Management Project Officer, Regional Officer, Operations Planning Officer, Prevention Officer, Policy Officer and Media Officer. She has extensive experience in emergency services, in state level control & coordination roles & in incident management roles both in South Australia and interstate. Leanne has a Master of Business Administration, and Diplomas of Public Sector Management and Applied Science, Conservation and Land Management. She has also been a finalist in the Telstra Business Womens’ awards twice.

Case study presentation – the state-wide power outage in South Australia that ‘would never happen’ On 28 September 2016 destructive winds caused substantial damage to 23 electricity transmission towers and triggered a State-wide power outage (black system event) in South Australia. The outage resulted in significant disruption to emergency services and hindered all aspects of incident response including: the ability of the community to contact emergency services; response to and coordination of incidents; multi-agency interoperability; and, the ability of the community to support themselves. The black system event occurred during an extreme weather event that involved heavy and persistent rain, destructive winds, large hailstones and flooding. It also occurred in a year where there had been a record number of responses to severe weather incidents and state level, multi-agency activations. The capacity of emergency services was already stretched by the multiple, significant and over-lapping events.

Carolyn Hanson President of the Governance Risk and Compliance Institute (GRCI)

Carolyn Hanson has been in the Compliance field for more than 20 years and is currently the Head of Financial Crime Compliance for the Wealth Management Division of the Commonwealth Banking Group. Carolyn is the current President of the Governance Risk and Compliance Institute (GRCI) in Australia and holds the GRCI Certified Compliance Professional Diploma which also confers an International Federation of Compliance Association accreditation. Carolyn’s experience has been gained in the UK, Isle of Man, Bahamas, Trinidad, Barbados, Dubai and Australia. Working in the Caribbean region Carolyn established compliance regimes for a major banking group and acted as the Regional Compliance Manager and Regional Money Laundering Reporting Officer. Her responsibilities have included prudential/regulatory and financial crime compliance plus management of a team of 50+ Compliance Managers based in 19 jurisdictions across the Caribbean.

The nexus between business continuity, compliance and risk The nexus between business continuity, compliance and risk is an interesting one. Often organisations, especially larger ones, tend to operate in a siloed way. This can mean compliance and risk people look at business continuity from a very different perspective, if they think about business continuity at all. In taking a more holistic approach to these areas there are potential benefits to be gained through efficiency and effectiveness of all the related frameworks. This session aims to provoke thought around how these three areas can interact more productively and proactive steps to integrate thinking going forward.

BCI Summit Australasia 2017 - B U I L D I N G R E S I L I E N C E -

Glen Redstall MBCI Manager BC & EM Inland Revenue

President BCI Australasian Chapter

Glen is currently the Manager, Business Continuity & Emergency Management at Inland Revenue, where he has national responsibility for business continuity, crisis management and emergency management.

In 2013 Glen received the Public Sector Business Continuity Manager of the Year at the Australasian BCI Awards.

Glen has recently led the Continuity of Government project for the Department of Prime Minister and Cabinet in response to the Kaikoura Earthquake in November 2016.

Multi Presentation & panel discussion; November 2016 - The Wellington story In November 2016 Wellington was impacted by two significant natural events in two days. In four mini presentations followed by a panel discussion session four Wellingtonians will share the stories of those events, the impacts on organisations, NZ society and the on-going recovery.

Saul Midler FBCI Linus Consulting MB025-WG2 Subcommittee Chair, Standards Australia. TC292-WG2 Member, International Standards Organization. Business Continuity Institute Australasia Standards Liaison

Saul Midler is very highly regarded as a BCM adviser and expert, which is best evidenced by the following industry awards:

• BCI Global Business Continuity Consultant of the Year in 2013; • BCI Australasian Business Continuity Consultant of the Year in 2013

For almost 25 years, Saul has: • Facilitated BCM projects and Exercises for clients; • Educated Executive Management in BCM and Crisis Management; • Authored BCM Thought Leadership articles; • Presented papers at national and international conferences in countries

including: Canada, China, New Zealand, Kenya and South Africa; • Facilitated public BCM workshops; and • Contributed to various LinkedIn BCM Groups.

Saul represents the Australian BCM community at a domestic and international level through the following membership:

• MB025 - Standards Australia Technical Committee for Security and Resilience. Saul is the Chairperson for Working Group 2 responsible for BCM; and

• TC292 - International Standards Organisations Technical Committee for Security and Resilience which includes BCM.

• Saul has directly contributed to the following ISO Standards: 22317 BIA (published), 22316 Organisational Resilience (in development), 22330 People Aspects of BCM (in development), 22331 BC Strategy Development (in development).

Standards on the Horizon – Understanding International Standards The BCM philosophies and methodologies adopted by organisations across Australia and New Zealand range from personal intuition, through risk management influences to Australian Standards and International Standards.

Globally, the trend for organisations to adopt/align to the International Standards for BC is increasing and while the trend in Australia is also positive, it may not be trending as fast as the rest of the world. The fact that Australia (ie Standards Australia) has not adopted BC International Standards and the general lack of awareness in Australia of BC International Standards are probably the two key reasons for this.

This presentation will demystify International Standards. It will help delegates understand the support information available to practitioners, how standards are developed, what’s coming over the horizon and the significant role Australia has in the development and review of our international standards.

Over the last few years there has been significant attention regarding the role of AS/NZS 5050 ‘Business continuity— Managing disruption-related risk’ as a Business Continuity standard in Australia and New Zealand. This presentation will touch on this issue and provide the most current update regarding AS/NZS 5050 and ISO 22301 etc • Key Take-aways • Big picture understanding of International Standards • Using International Standards as a resource • Which International Standards are of interest to us • What’s in coming over the International Standards’ horizon • Latest position on AS/NZS5050 and ISO adoption in Australia

Bob Walker Sustainability Services Director Deloitte Risk Advisory

Building on an experience base of service within the Australian Military and then State Law Enforcement Bob has for the past 20 years focused on providing advice and services to the public and private sectors in the areas of Safety / Emergency / Business Continuity & Resilience. Bob’s experience has been developed through interaction with a variety of industries including heavy manufacturing & mining, education, government administration and international sporting events. Recognised as a practical and pragmatic leader Bob focuses organisations on determining “what good looks like” within their organisational context and then prioritising effort and focus on ‘what must go right’ to achieve outcomes. In 2017 Bob was responsible for the BCM refresh within a global miner. The scope of services included leading the implementation of the BCM life cycle across the operations of mining, production and enabling infrastructure, and support services that included accommodation villages, water and sewer, and an airport.

Strategic enablers for sustainable resilience Business resilience is the ability an organisation has to quickly adapt to disruptions while maintaining continuous business operations and safeguarding people, assets and overall brand equity. It suggests an ability to accommodate the unexpected, prepare for, adapt to and engage with and recover from disruptive events. So why is it so difficult to get the whole business facing the same way on resilience? During his presentation, Bob will discuss strategies using real world contemporary examples to identify, develop and connect strategic enablers within the business as usual (BAU) space that must exist to underpin any sustainable resilience strategy.

Tim Rippon MBCI Resilience Director elasticus

For over ten years Tim has been involved with Business Continuity Management, and has a far reaching network of industry professionals, whom he draws upon for advice and support. He has worked in Local Government, Management Consulting, Telecommunications, Health, Finance & Banking sectors, and has worked for various companies during his career, including Coles Myer, KPMG, Deloitte, Barclays Bank, TAL, Telstra and Interactive. In this time, Tim has conducted several BIA refresh programs, with those in financial services to the APRA CPS232 standard, initiated BCM Policies and frameworks, and implemented a managed recovery site for a large financial services firm. Tim specialised in the introduction and implementation of ISO/IEC 27031 ICT Readiness for Business Continuity for a well-known Australian company. Whilst working in various contracting roles since 2014, Tim commenced the development of his own business continuity plan. In September 2016 he ‘invoked’ his plan, now working as a Resilience Director for elasticus providing recruitment, training, consulting and other various solutions.

Building a Cyber Start-up – tips for young players Ever wondered how to establish and run a successful cyber-start-up? This presentation is aimed for young players, ideally around six years of age, who have a lateral thinking mind and are open to new ideas. Using an interactive approach and discussing thought provoking ideas, you will learn some great tips from an experienced cyber-start-up. You will leave in an energised and awesome frame of mind!

Jurie Rossow CEO RForce

As CEO of RForce, Jurie brings over 10 years of experience in resilience in various industries including finance, education, mining, airlines, energy, distribution and government.

Author of three books on resilience and wellbeing as well as a recent research paper on a holistic psychometric measurement scale, Jurie’s driving force is to make high quality wellbeing training accessible to as many people as possible.

At RForce, he drives a combination of digital innovation with advances in psychology and neuroscience, resulting in an ever-advancing cutting-edge digital platform through which wellbeing and resilience can be scalably quantified and enhanced.

Personal Resilience - From Neuroscience to Business Relevance Personal resilience is becoming more important than ever. It affects how people manage risk, how they behave in crises, and how they might cope in a changing world with artificial intelligence and automation. Understanding personal resilience is critical to us as individuals and to businesses. So, what are the six factors of personal resilience, and how can we build these? What can we learn from the mechanics of neuroplasticity and apply it practically to build resilience? And which questions still need to be answered? In this session, we’ll explore the neuroscience of resilience and the implications for business and personal development.

Chris Meehan General Manager – Operations and Training, BSI

Chris joined BSI Group in 2010 and is responsible for the delivery of BSI’s auditing and training services across Australia and New Zealand.

He is a graduate of University of Surrey (UK) and Macquarie Graduate School of Management with experience in operations, marketing and business leadership across a range of industries including Software, Pharmaceuticals and Professional Services. Chris has expertise in setting strategic direction and managing businesses to profitable growth in both the B2B and B2C sectors.

Organizational Resilience - academic evidence, business insights and new thinking Currently, just one third of CEOs are confident in the long-term survival of their businesses. But identifying common practice, let alone best practice, in Organizational Resilience is a significant challenge because of the conflicting guidance found in a variety of information sources.

In response to this challenge, BSI commissioned Cranfield School of Management to assess almost half a century’s management thinking on how organizations can become more resilient. The final report offers today’s business leaders a clear framework to help them manage risk and adapt for future business success, ensuring their organizations remain truly resilient.

Dr John Vargo Co-leader, Resilient Organisations

Dr. John Vargo is co-leader of Resilient Organisations based in Christchurch New Zealand. His interests focus on building organisational resilience in the face of systemic insecurity in a complex and interconnected world. Organisational resilience is the capacity to survive disruption and thrive in an uncertain, turbulent world. The ResOrgs group (www.resorgs.org.nz) has been researching Organisational Resilience since 2004. John’s interest began as an auditor in the US looking at financial risk to firms and extended in NZ as a researcher in computer and network security prior to joining ResOrgs in 2004. John and the Resorgs team has been heavily involved in resilience research following the 2010-2011 series of devastating earthquakes that hit Christchurch, New Zealand. This research has looked at the impacts of the earthquakes on organisations and economic sectors and the application of the ResOrgs 13 indicator resilience model to systemic recovery. Other recent research projects have focused on the resilience of critical infrastructure organisations in Australia and New Zealand and the keystone role they play in the resilience of a community and a nation. John is a science leader on the NZ National Science Challenge for Resilience.

Organisational resilience is more than just business continuity Although Business Continuity Plans often do a good job of preparing organisations to deal with technology and operational disruptions, there is often limited or no coverage for the continuity of people. Issues surrounding staff welfare and engagement are amongst the most crucial issues facing organisations in large scale disasters, yet impacts of societal and personal disruption rarely feature in BCPs.

Resilience is a systemic way of looking at how an organization can survive a crisis and thrive in an uncertain world. Business continuity is an important aspect for surviving the crisis, but it is only part of the bigger picture addressed by organisational resilience.

John’s presentation will identify some of the key continuity of people issues that are at the heart of resilience. These are aspects that can be incorporated into Business Continuity practice and support the move to a ‘Business Continuity’ for the 21st Century’, one that incorporates more aspects of resilience, especially the ‘people’ areas of leadership, culture, staff welfare, and engagement.

David Thorp Executive Director, The BCI

David Thorp commenced as Executive Director of the Business Continuity Institute in November 2016. He has spent over 20 years in senior management positions in professional bodies and prior to joining the BCI he was Chief Executive of the Security institute in the UK.

Previous roles include Director of Research and Professional Development at the Chartered Institute of Marketing and General Manager of the Sales Leadership Alliance.

David’s professional skills are in the fields of marketing and learning & development. Earlier in his career he was marketing director and then managing director of an international training business.

The BCI: A New Resilient Direction The world is changing. For those working in Business Continuity Management (BCM) and Resilience it appears that a ‘tipping point’ has been reached. Job responsibilities, expectations and career paths are shifting. Change that can be uncomfortable for some, brings exciting new possibilities for others. With these changes in the profession, it is important that the BCI as a support Institute evolves to meet the new challenges this represents. David will take us on a journey through the new 2017-2021 BCI Strategy adopted by the global BCI Board last week. Hear about the new engagement model and how this will enhance the Member benefit. Listen as David explains the BCI’s enhanced global platform, and how this will benefit all stakeholders in the BC and Resilience space, and itself build a relevant and resilient future.

BCI Summit Australasia 2017 - B U I L D I N G R E S I L I E N C E -

Your Notes

BCI Summit Australasia 2017 - B U I L D I N G R E S I L I E N C E -