AXA BUSINESS RESILIENCE
The transition to Resilience
Scottish Continuity - Resilient Scotland Conference, 23rd Feb 2017
Confidential
Version 1.0
AXA Group
A connected world
CONFIDENTIAL2 | Business Resilience
Table of contents
1. About AXA
2. What is Resilience
3. Business Continuity
4. AXA’s journey
5. Operational Resilience
64 COUNTRIES
103M CUSTOMERS
166,000 EMPLOYEES
2015 REVENUE: EURO 98,534 MILLION
NET INCOME: EURO 5.6 BILLION
UK & IRELAND REPRESENTS 6% OF GROUP REVENUE
AXA Insurance
AXA GROUP FACTS & FIGURES
39%
36%
25%
Property & Casualty, International
Savings & Asset Management
Protection & Health
UK & IRELAND REPRESENTS 6% OF GROUP REVENUE = £4.1B revenue
AXA in the UK
Glasgow
Teesside
Bolton
Tunbridge-Wells
London
Cardiff
Bristol
Cobham
Ipswich
Birmingham
Manchester
Leeds
Morecambe
Dublin
Belfast
AXA Insurance
AXA PPP Healthcare
AXA Corporate Solutions
AXA Art
AXA Group Solutions
AXA Technology Services
AXA Investment Managers
Alliance Bernstein
AXA Liabilities Managers
AXA Assistance
AXA Rosenberg
“the capacity to recover quickly from difficulties; toughness” (Oxford Dictionary)
“the capacity of a system to absorb disturbance and reorganize while undergoing change” (The Resilience Alliance)
“the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions” (Department of Homeland Security)
“The ability of a system or organisation to withstand and recover from adversity. Resilience is underpinned by good design of networks, effective emergency response, business continuity planning and recovery arrangements” (The Cabinet Office)
What is Resilience?
In 2011 AXA Insurance BCCM looked like most traditional business unit set-ups:
Operational Risk & Compliance Director
Business Continuity & Crisis Manager
BCCM Team X 2
• Business Impact Analysis
• Business Recovery Strategies
• Business Recovery Planning
• Crisis Management Planning
• Workarea Recovery Exercises
• Scenario exercises
• Incident Management
• BC Awareness & training
AXA Business Continuity & Crisis Management
PHYSICAL SYSTEMS
HUMAN
Threats & Triggers
Water / Fire Damage
Utility Failure
Adverse Weather
Data leakage
Cyber attack
Network failure
Internet outage
Terrorist
Supply Chain
Theft
Data Centre outage
Demonstrators/protests
Telephony failure
Process failure
Categories:
Incidents & Root Cause Analysis
Data Applications
Telephony
Power
Supplier Links
Project / Change
Third-Party
Networks
Server Infrastructure
Website Mainframe
Critical
Infrastructure
Communications
Property
IT
Infrastructure
People
Security
Governance
Telephony
Systems Resilience
Networks
Physical Security
Contingency Space
Applications
Infrastructure
HR Systems
Environmental, H&S
AXA Tech
Group IS
Corporate
Server Infrastructure
Data Centres
Staff Inductions
Change Programme
Change Advisory Board
Live Projects
PROPERTY SERVICES
Infrastructure
Site & Threat Assessment
Contingency Space
Physical Security
Regular Inspections
Annual Physical Security review
SIA trained manned guards
Governance
Property Steering Committee
Clear Desk Policy
BRS & Property Forum
UPS & Generator
Maintenance Schedules
Projects & Space Planning
External Audit of access control
CAD – regular update of plans
CCTV code of practice
Bomb Threat
Dealing with Protestors
FM contracts
Post-2011, AXA Insurance BCCM changed to Business Resilience and looked like:
Operations Director
Head of Resilience & Corporate Security
BRS Team X 4
• Business Impact Analysis
• Business Recovery Strategies
• Business Recovery Planning
• Crisis Management Planning
• Data Leakage / Monitoring
• Third-Party Security Health checks
• Property Steering Committee
• PCI DSS
• Workarea Recovery Exercises
• Scenario exercises
• Incident Management
• BC Awareness & training
• Physical Security Assessments
• Change Control Board
• Internal Financial Controls
• Service Assurance
AXA Business Continuity & Crisis Management
Power incident at NW location – December 2015
Power sub-station at Caton Road, Lancaster
Example
THE FUTURE?
AXA commissioned ‘pwc’ to run an Operational Resilience Maturity Assessment within the UK based on what the Financial Regulators would expect to see.
Governance of IT Operational Resilience
Resilience Framework
Capability
Service Operation & Capacity
Risk Management
Change Management
Service Continuity
Operational Resilience
Incident Management
Sourcing & External Dependencies
Incident management
Incident response processes are in place to identify, classify and to help ensure appropriate, measured responses. Incident related MI helps drive strategic Operational Resilience decisions and investments.
Service Continuity
Appropriate continuity plans are in place for all critical services which are well understood by the organisation. These plans are reviewed and assessed regularly to help ensure successful implementation in a continuity scenario.
Governance of IT Operational Resilience
The Operational Resilience strategy is aligned and embedded with the Business and IT strategies. Operational Resilience drives investment and risk decisions. The Board and Executive Management have accurate and adequate oversight of resilience activity, trends and remediation to assist them in making decisions.
Resilience Framework
An Operational Resilience framework is in place across the organisation, with clear definition and accountability for the different aspects of resilience. The framework is current, communicated and understood by the organisation.
Capability
The organisation has sufficient skills and resources to deliver and help ensure operational resilience. There is a clear understanding of roles and responsibilities and the organisation's Operational Resilience risks.
Change management
Assurance and resilience are embedded in change control and SDLC activity where testing occurs across application development and infrastructure change. Well governed, documented change processes are in place and are fully understood by the organisation.
Service operations and capacity
Technology services and processes have been designed in such a way that they ensure continuity and there is appropriate investment in these services and processes. Organisations can demonstrate through testing and monitoring the effectiveness of capacity and continuity measures.
Sourcing and External Dependency
There is clear consideration and understanding of the dependencies on external or sourcing partners and the level of risk that is introduced into the critical services. Performance, risk and effectiveness of these relationships are frequently assessed and understood.
Risk management
An effective ‘Three Lines of Defence’ model is in place whereby operational resilience risks are understood, assessed, monitored and communicated to the Board and Executive Management. Risk Appetite for critical services has been defined and drives risk acceptance and risk mitigation activities. Risk MI assists in both strategic and tactical decisions.