h2|Resilicon h3|Resilience Consulting AB sp|Resilicon helps businesses, governments and other organizations to handle disruptions in business processes, so that production of goods and services can continue without unacceptable disruption. The area often called "BCM" - , has traditionally meant that a continuity plan has been produced after completion of the development of processes and IT support, which has led to continuity plans often becoming paper tigers. The more modern approach, which Resilicon trying to implement, is to the resilience of the disturbance processes and IT support at several levels, so that processes are robust and resilient. Within the BCM, we work mostly with a traditional PDCA cycle (Plan-Do-Check-Act), which at worst means that the continuity of the functionality is reviewed in quite some time interval. Resilicon trying primarily to interconnect incidenthanterings and problem management processes with continuity of management, so that each incident is linked to action, which improves availability and reduces the effect of disturbances. In the IT field, this means that the development or modification of IT support, so is continuity issues some of the earliest steps in the process. This mindset is also in ITIL V3, where the IT Service Continuity Management now ingårl in the field "Service Design". The word "resilience" is borrowed from physics concepts "elasticity", which describes a body's ability to regain original shape when bending. It is no coincidence that some of today's most successful companies in the world has a view, which is about making business processes "resilient". Unfortunately, we often see examples of activities that do not work, as customers, patients, shareholders and other stakeholders expect. Sure you can have bad luck, so that something does not work, as it should, but in almost all known cases of failure of various types of works to manufacture or service processes, it is because the problems that the business is not working well enough with continuity issues. em|build pa|är ett aktiebolag, som startade sin verksamhet hösten 2006. Bolaget har sitt säte i Stockholm. Bolaget innehar F-skattsedel. 556715-0056 h2|Resilicon h3|Resilience Consulting AB h4|Organisationsnummer h2|Resilicon h3|Resilience Consulting AB sp|Resilicon helps businesses, governments and other organizations to handle disruptions in business processes, so that production of goods and services can continue without unacceptable disruption. The area often called "BCM" - , has traditionally meant that a continuity plan has been produced after completion of the development of processes and IT support, which has led to continuity plans often becoming paper tigers. The more modern approach, which Resilicon trying to implement, is to the resilience of the disturbance processes and IT support at several levels, so that processes are robust and resilient. Within the BCM, we work mostly with a traditional PDCA cycle (Plan-Do-Check-Act), which at worst means that the continuity of the functionality is reviewed in quite some time interval. Resilicon trying primarily to interconnect incidenthanterings and problem management processes with continuity of management, so that each incident is linked to action, which improves availability and reduces the effect of disturbances. In the IT field, this means that the development or modification of IT support, so is continuity issues some of the earliest steps in the process. This mindset is also in ITIL V3, where the IT Service Continuity Management now ingårl in the field "Service Design". The word "resilience" is borrowed from physics concepts "elasticity", which describes a body's ability to regain original shape when bending. It is no coincidence that some of today's most successful companies in the world has a view, which is about making business processes "resilient". Unfortunately, we often see examples of activities that do not work, as customers, patients, shareholders and other stakeholders expect. Sure you can have bad luck, so that something does not work, as it should, but in almost all known cases of failure of various types of works to manufacture or service processes, it is because the problems that the business is not working well enough with continuity issues. em|build pa|Resilicon Ljusnevägen 64 128 48 BAGARMOSSEN Ljusenvägen 64, Bagarmossen 0730-967096 h2|Kontakt h4|Postadress Besöksadress Telefon e-post pa|Resilicon hjälper företag, myndigheter och andra organisationer att hantera störningar i verksamhetsprocesserna, så att produktion av varor och tjänster kan fortgå utan oacceptabla avbrott. Området kallas oftast "BCM" – och har traditionellt inneburit att en kontinuitetsplan producerats efter att processer och IT-stöd har färdigutvecklats, vilket har lett till att kontinuitetsplanen ofta blivit en papperstiger. Det modernare synsättet, som Resilicon försöker tillämpa, handlar om att störningståligheten i processer och IT-stöd i flera nivåer, så att processerna blir robusta och motståndskraftiga. Inom BCM arbetar vi oftast med en traditionell PDCA-cykel (Plan-Do-Check-Act), som i sämsta fall innebär att kontinuitetsfunktionaliteten gås igenom med rätt långa tidsintervall. Resilicon försöker i första hand att koppla ihop incidenthanterings- och problemhanteringsprocesserna med kontinuitetshanteringen, så att varje incident kopplas till åtgärder, som förbättrar tillgänglighet och minskar påverkan av störningar. Inom IT-området innebär detta, att vid utveckling eller modifiering av IT-stöd, så är kontinuitetsfrågorna del av de tidigaste stegen i arbetet. Detta tänkesätt finns också i ITIL V3, där IT Service Continuity Management numera ingårl i området "Service Design". Ordet "resilience" är hämtat från fysikens begrepp "elasticitet", som beskriver en kropps förmåga att återta ursprunglig form vid deformation. Tyvärr ser vi ofta exempel på verksamheter, som inte fungerar, som kunder, patienter, aktieägare eller andra intressenter förväntar sig. Visst kan man ha otur, så att något inte fungerar, som det borde, men i så gott som samtliga kända fall av avbrott i olika typer av tillverksnings- eller tjänsteprocesser, så beror problemen på att verksamheten inte arbetat tillräckligt bra med kontinuitetsfrågorna. h2|Resilicon h3|Resilience Consulting AB h4|Det är inte någon tillfällighet att några av de i dag mest framgångsrika företagen i världen har ett synsätt, som handlar om att göra affärsprocesserna "motståndskraftiga". sp|English em|bygga in h2|Resilicon h3|Resilience Consulting AB sp|Resilicon helps businesses, governments and other organizations to handle disruptions in business processes, so that production of goods and services can continue without unacceptable disruption. The area often called "BCM" - , has traditionally meant that a continuity plan has been produced after completion of the development of processes and IT support, which has led to continuity plans often becoming paper tigers. The more modern approach, which Resilicon trying to implement, is to the resilience of the disturbance processes and IT support at several levels, so that processes are robust and resilient. Within the BCM, we work mostly with a traditional PDCA cycle (Plan-Do-Check-Act), which at worst means that the continuity of the functionality is reviewed in quite some time interval. Resilicon trying primarily to interconnect incidenthanterings and problem management processes with continuity of management, so that each incident is linked to action, which improves availability and reduces the effect of disturbances. In the IT field, this means that the development or modification of IT support, so is continuity issues some of the earliest steps in the process. This mindset is also in ITIL V3, where the IT Service Continuity Management now is a part of "Service Design". The word "resilience" is borrowed from physics concepts "elasticity", which describes a body's ability to regain original shape when bending. It is no coincidence that some of today's most successful companies in the world has a view, which is about making business processes "resilient". Unfortunately, we often see examples of activities that do not work, as customers, patients, shareholders and other stakeholders expect. Sure you can have bad luck, so that something does not work, as it should, but in almost all known cases of failure of various types of works to manufacture or service processes, it is because the problems that the business is not working well enough with continuity issues. em|build pa|En genomgång av företagets/organisationens status för kontinuietshanteringen baseras på gällande och kommande standarder [ISO 27001, ISO 25999 och ISO 25777]. Genomgången kan antingen göras som en formell revision, men kan också göras som en "hälsokontroll", för att ledningen snabbt skall få en bild av status. Det är möjligt att uppnå "compliance" utan att det finns ett avbrottsskydd, som verkligen fungerar. I "hälsokontrollen" ingår att försöka nå förbi hantering, som bara fungerar "på pappret". Konsekvensanlays (Business Impact Analysis - BIA) är ett verktyg, som används för att kartlägga hur verksamheten påverkas av olika typer av störningar. Analysen görs delvis utan hänsyn till sannolikheten för en viss händelse. Maximalt acceptabla avbrottstider för affärsprocesserna kartläggs och översätts till krav på återstartstid för de funktioner, som stöder processerna. I många fall finns IT med som förutsättningar för att affärsprocesserna skall fungera. I dessa fall beskrivs krav på återstartstider och vilken dataförlust, som kan accepteras vid olika typer av avbrott. Till skillnad för "Konsekvensanalysen", så arbetar riskanalysen med hotbild och sannolikhet för olika händelser. Detta leder till att ett antal händelser med högre sannolikhet kan tas om hand i verksamhetens säkerhetsarbete. Riskanalysen kan dessutom användas till att stick hål på en del "slumpmässiga" risker. Vid djupare analys visar det sig ofta att "slumpen" har använts som etikett för händelser, som inte analyserats tillräckligt. Analysen kan visa att det går att få bort risken helt, då dess mekanismer klarlagts ytterligare några steg. För IT-beroende verksamheter kan "hälsokontroller" kompletteras med en processöversyn baserad på att ITIL eller motsvarande regelverk tillämpas. Översynen utgår från att processerna "Change Management", "Configuration Management", "Incident Management", "Problem Management", m.fl. skall hantera kontinuitetsskyddet, så att förändringar i IT-miljön direkt påverkar kontinuitetshanteringen samt att störningar som påverkar verksamheten så fort som möjligt skall leda till förbättringar av hanteringen. Med utgångspunkt från konsekvensanalysen väljs kontinuitesstrategi för verksamhetens olika delar. Eftersom utvecklingen inom området går i riktning mot att hantera alla typer av kontinuitetskrav på ett enhetligt sätt, d.v.s. vardagliga avbrott och ytterligheter i form av "katastrofer", skall behandlas på ett sätt som byggs in i processer och IT-system, så måste kontinuitetsfrågorna finnas med från början i utformningen av processer och deras stödsystem. IT-intensiva verksamheter tillämpar ofta ITIL. I version V3 av ITIL har följdriktigt den process, som kalls "IT Service Continuity" numera placerats i området "Service Design". Kontinuietsarbetet byggs i första hand in i de vardagliga operativa rutinerna. I IT-sammanhang skall stora delar funktionaliteten finnas i driftrutiner. Om en serverhall slås ut, så sker återstart av respektive server på samma sätt, som om en ny server installerats med den skillnaden att en prioritering av arbetet måste göras, så att de mest affärskritiska systemen återstartas först. Att kunna hantera t.ex. återstart av många servrar samtidigt ställer krav på planering, drill och verktyg. Det duger inte med en förteckning över vilka system och servrar, som finns, eller i värsta fall fann för ett halvår sedan. Hantering av bortfall av IT-resurser underlättas av tillgången till virutella lösningar. De delar av kontinuitetslösingarna, som inte automatiskt testas genom att de ingår i den dagliga produktionen, måste ovillkorligen testas. Ingen test - ingen lösning. Finns två parallella servicekomplex, så måste lösningar där det ena komplexet tas ner, som vi en katastrof genomföras. Synkronisering av speglade diskar efter avbrott på den ena måste testas. Återstart från annan typ av backup måste också testas. Kontinuitetsövningar är till för att trimma de manuella rutinerna, som ingår i kontinuitetsövningar. I många fall kan kontinuitetstester kombineras med övningsmoment, men det finns "drillmoment", som kan behöva testas separat. Avbrott, där påverkan på verksamheten är allvarlig och där mediaintresset ofta är högt hanteras i krisledningsplaner, som utgör en del av kontinuitetshanteringen. Med hjälp av REGA-metoden genomförs kontinuitetsplaneringsprojekt i koncentrerad seminarieform. De som arbetar i projektet befinner sig under ett antal dagar i ett projektrum. Beslutsfattare behöver inte delta i seminariet men måste åta sig att vara tillgängliga för beslut. h2|Våra tjänster h5|"Hälsokontroll" - Kontinuitetshantering > Konsekvensanalys > Riskanalys > Processöversyn (ITIL) > Kontinuitetsstrategi > Kontinuitetsplanering > Planering och genomförande av tester > Planering och genomförande av kontinuitetsövningar > Planering och genomförande av krisledningsövningar > REGA-metoden för koncentrerat genomförande av kontinuitetsprojekt > sp|Kontinuitetsplaneringsprojekt tenderar att bli långvariga. Ofta är många personer involverade, och det är svårt att få till stånd möten. pa|Jag heter Fred Kudrén och är ägare till Resilicon, där jag arbetar som konsult. Jag har IT-bakgrund och har arbetat med Informationssäkerhet och kontinuitetsplanering sedan 1990. Innan dess arbetade jag både brett och djupt inom IT. Under slutet på 80-talet var jag teknisk chef vid Bankgirocentralen. 1990-1997 arbetade jag vid Backupcentralen/Infosec i flera olika roller. 1997-2006 var jag anställd vid Ericsson och arbetade bl.a. som intern managementkonsult och säkerhetschef för Ericsson Global IT Services. Senare blev jag ansvarig för kontinuitetshantering () samt "governance" av IT- och informationssäkerhet i det arbete, som utfördes av Ericssons outsourcingleverantörer (HP och IBM). "Compliance"-frågor var en viktig del av arbetet (ISO 27000 och SOX). Jag har en fil.kand.-examen i matematik och informationsbehandling och är certifierad CISM (Certified Information Security Manager) - ISACA och är certifierad medlem av The Business Continuity Institute. Dessutom är jag certifierad i ITIL v3 Foundation. pa|Resilicon Ljusnevägen 64 SE-128 48 BAGARMOSSEN Sweden Ljusnevägen 64, Bagarmossen, Sweden (South of Stockholm) +46 (0) 730-967096 h2|Contact h4|Postal address Visiting address Phone e-mail pa|certificate. (Registered for service execution). SE556715005601 h2|Resilicon h3|Resilience Consulting AB h4|Registered VAT-Number sp|is a limited company, which started operations in autumn 2006. The company has its headquarters in Stockholm. The company holds an F-tax Registered Number 556715-0056 pa|IT Interruption, where the impact on business is serious and where media interest is often highly processed in crisis management plans, which are part of the continuity of management. h2|Our Services h5|"Health Check"– Continuity Management > Business Impact Analysis > Risk Analysis > Process Review (ITIL) > Continuity Strategy > Continuity Planning > Planning and Execution of Tests > Planning and Execution of Continuity Exercises > Planning and Execution of Crisis Management Exercises > The REGA-Method for Concentrated Implementation of Continuity Projects > sp|A review of the company / organization the status of based on current and future standards [ISO 27001, ISO 25999 and ISO 25777]. The screening can be done either as a formal audit, but can also be done as a "health check", to enable management to quickly acquire an image of status. It is possible to achieve "compliance" without there being an interruption protection that really works. The "Health Check" is to try to reach past the handling, which only works "on paper". Business Impact Analysis–BIA–is a tool, used to identify how operations are affected by different types of disturbances. The analysis is done in part without regard to the likelihood of a particular event. Maximum acceptable downtime for your business processes are mapped and translated into demands for återstartstid for functions, which support the processes. In many cases, IT with the conditions for business processes to function. In these cases, describes requirements for restarting times and the loss of data that can be accepted at the different types of interruptions. Unlike the "impact assessment", so working with risk analysis, threat and likelihood of various events. This leads to a number of events with higher probability can be taken care of business safety. Risk analysis can also be used to spot holes in some 'random' risk. For deeper analysis, it turns out often that "chance" has been used as a label for the events not been analyzed enough. The analysis may show that it is possible to eliminate risk entirely, where its mechanisms elucidated a few additional steps -dependent businesses can "check-ups" supplemented by a review process based on ITIL or equivalent regulations apply. The review assumes that the processes of "Change Management", "Configuration Management", "Incident Management", "Problem Management", etc. to deal with continuity protection, so that changes in the IT environment directly affects continuity management and to disturbances that affect the operation as soon as possible will lead to improvements in management. On the basis of the study are continuity strategies selected for the different parts of the operation. As the development in the area is towards managing all types of continuity requirements in a uniform manner, ie, daily interruption and extremes in the form of "disaster", should be treated in a manner that is built into processes and IT systems, so must be continuity issues with the beginning of the design of processes and their support systems. IT-intensive activities are often applied ITIL. The version of ITIL V3 is the logical process, called "IT Service Continuity" is now placed in the field "Service Design" The continuity functions are primarily built into the daily operational procedures. In the IT context, much of the functionality included in operating procedures. If a server room knocked out, so is restarted each server in the same manner as if a new server installed with the difference that a priority of work must be done so that the most business-critical systems be restarted first. To cope with such restarting of many servers at the same time requires planning, drill and tools. There is no good having a list of systems and servers, which are, or at worst, was found six months ago. Dealing with loss of IT resources is facilitated by the availability of virutella solutions. The parts of the continuity solutions, which are not automatically tested by being included in the daily production, must necessarily be tested. No test - no solution. There are two parallel services complex, so must solutions where one complex is down, we implemented a disaster. Synchronization of mirrored disks after an interruption of one must be tested. Restarting from another type of backup must also be tested. Continuity Practice is designed to trim the manual procedures, as part of continuity exercises. In many cases, continuity tests combined with exercise moments, but there are drill torque ", which may be tested separately. Continuity Planning Projects tend to be prolonged. Often, many people involved, and it is difficult to obtain appointments. With the help of REGA method implemented business continuity planning project in a concentrated form of seminars. Those working in the project is under a number of days in a project room. Policymakers need not attend the seminar but must commit to be available for adoption. pa|" n. sp|My name is Fred Kudrén and I am the owner of Resilicon, where I work as a consultant. I have IT background and has worked with Information security and business continuity planning since 1990. Before that I worked in both wide and deep in IT. During the late '80s, I was technical director at Bankgirocentralen. 1990-1997 I worked at the Backup Center / Infosec in several different roles. 1997-2006 I was employed at Ericsson and worked as an internal management consultant and security manager for Ericsson Global IT Services. Later I became responsible for continuity management () and "governance" of IT and information security in the work, which was conducted by Ericsson's outsourcing vendors (HP and IBM). Compliance" issues were an important part of the process (ISO 27000 and SOX). I have a B.Sc. degree in mathematics and information processing, and is a certified CISM (Certified Information Security Manager) - ISACA and is a certified member of The Business Continuity Institute. Moreover, I am certified in ITIL v3 Foundatio