Cisco Public
Cisco
ONEx
BC Program Customer Overview
Page
1
A printed or duplicate soft copy of this document is considered uncontrolled. Refer to the
o
nline version for the latest revision.
Document Number: EDCS-1512542
Author: Brian Stoner
Title: Cisco ONEx BC Manager
Last Updated: 23 June 2023
Next Review: 23 June 2024
Cisco ONEx
Business Continuity Program
Customer Overview
Revision History & Approvals
Revision history and approval tracked in Doc Central.
Effectivity Information
Guide Effective Date
23 July 2015
Controlled Copy Location https://docs.cisco.com/share/s/zhdvnR6CTg6t68FuWiv2VA
Note: Guide approval is tracked in EDCS. A printed version of this document constitutes an
uncontrolled copy. User should verify they have the latest version before use.
Cisco Public
Cisco
ONEx
BC Program Customer Overview
Page
2
A printed or duplicate soft copy of this document is considered uncontrolled. Refer to the
o
nline version for the latest revision.
Table of Contents
1 Overview ........................................................................................................................ 3
2 Cisco ONEx Business Continuity Team Structure ...................................................... 3
3 Cisco ONEx BCMS Overview ........................................................................................ 3
3.1 Associated Documents ....................................................................................................... 3
4 Cisco ONEx BCMS Structure ........................................................................................ 4
4.1 Program Initiation & Management ...................................................................................... 4
4.2 Risk Evaluation & Control ................................................................................................... 4
4.3 Business Impact Analysis ................................................................................................... 4
4.4 Business Continuity Strategies ........................................................................................... 5
4.5 Emergency Preparedness & Response .............................................................................. 5
4.6 Business Continuity Plan Development & Implementation ................................................. 5
4.7 Awareness & Training Programs ........................................................................................ 5
4.8 BCP Exercises, Audits, & Maintenance .............................................................................. 6
4.9 Crisis Communications ....................................................................................................... 6
4.10 Coordinating with External Agencies .................................................................................. 6
5 Want to Learn More? ..................................................................................................... 7
5.1 Contact Us .......................................................................................................................... 7
5.2 Other Resources ................................................................................................................. 7
Cisco Public
Cisco
ONEx
BC Program Customer Overview
Page
3
A printed or duplicate soft copy of this document is considered uncontrolled. Refer to the
o
nline version for the latest revision.
1 Overview
Cisco Systems Executive Management recognizes the strategic importance of Business Continuity
(BC) and Disaster Recovery (DR) planning. They have established policies in support of the
Business Continuity Management System (BCMS) and assigned responsibility for enterprise-level
BCMS program management to the Treasury department.
Program Managers from various Cisco business functions participate in a working group to share
best practices, promote collaboration, and ensure consistency of operations across Cisco. Each
Cisco organization is responsible for developing and implementing appropriate BC and DR plans and
for managing their individual programs.
2 Cisco ONEx Business Continuity Team Structure
The Cisco ONEx Business Continuity Management team is responsible for the global Cisco ONEx
BCMS. The Cisco ONEx BC Manager represents Cisco ONEx as a member of the program
management working group mentioned above.
Cisco ONEx works side-by-side with customers and partners to develop, implement, and support their
network solutions. Our management has the entire organization focused on solving the toughest
business challenges with network-centric solutions to accelerate customer and partner success and
loyalty. Delivering a consistent, integrated, and trusted experience as the leader in technical service
requires a high level of availability, dependability, and resilience to business interruption.
To help us achieve our goals, Cisco ONEx invests in Business Continuity planning activities to
minimize the impact of interruption in the case of an adverse event. A Business Continuity
Management System (BCMS) is installed and is managed by a dedicated team of Business
Continuity professionals specific to Cisco ONEx. Core members of the Cisco ONEx BC team are
Disaster Recovery Institute International (DRII) certified as Business Continuity Professionals and
BCMS Auditors to ISO 22301.
This overview focuses on the processes in place to understand risks to our business operations,
identify the potential impacts of interruptions, develop Business Continuity plans (BCPs), and then
exercise and maintain those plans.
3 Cisco ONEx BCMS Overview
The Cisco ONEx BCMS is modeled on, and where appropriate, conforms to the international
standard for Business Continuity Management Systems (ISO 22301).
3.1 Associated Documents
Key components of the Cisco ONEx Business Continuity Management System are described in
greater detail in documents designed for consumption by Cisco customers.
EDCS-1512542: Cisco ONEx BC Program – Customer Overview
EDCS-1512543: Cisco ONEx Business Continuity Planning – Customer Overview
EDCS-1512544: Cisco ONEx IT Environment Recovery – Customer Overview
EDCS-1512545: Cisco ONEx Supplier Resiliency Program – Customer Overview
Cisco Public
Cisco
ONEx
BC Program Customer Overview
Page
4
A printed or duplicate soft copy of this document is considered uncontrolled. Refer to the
o
nline version for the latest revision.
4 Cisco ONEx BCMS Structure
4.1 Program Initiation & Management
Cisco ONEx Executive Management recognizes the need for a BC management program and has
established the infrastructure to support this need. This infrastructure includes budget, personnel,
tools, and support in the form of policies and other communications.
Quarterly reviews of the Cisco ONEx BCMS are conducted with management. These reviews include
an overview status of the effectiveness of the program, the status of actions from previous reviews,
changes, and issues relevant to the BCMS, a review of performance metrics related to the program,
results of any audits performed, and opportunities for continual improvement.
4.2 Risk Evaluation & Control
Cisco maintains a documented risk assessment process that systematically identifies, analyzes, and
evaluates the risk of disruptive incidents to the organization. Periodic risk assessments are performed
to identify the risks, threats, and vulnerabilities that are both inherent and acquired which can
adversely affect Cisco ONEx and its resources or impact our brand.
Once identified, threats and vulnerabilities are assessed as to the likelihood that they would occur
and the potential level of impact that would result. Cisco ONEx focuses on high probability and high
impact events to identify where controls, mitigations or management processes are non-existent,
weak or ineffective. This evaluation results in recommendations from the BCM Program for additional
controls, mitigations or processes to be implemented to increase resiliency from the most commonly
occurring and/or highest impact events.
Cisco ONEx relies on partners to provide some products and services. Annual supplier risk
assessments are performed on suppliers meeting defined criteria. Suppliers use online forms to
describe their BC and DR programs and upload evidence to show the effectiveness of these
programs. The Cisco ONEx BC team audits the responses and evidence files. Assessment data is
used to calculate supplier risk, form mitigation strategies, and drive corrective action.
4.3 Business Impact Analysis
Cisco ONEx conducts a Business Impact Analysis (BIA) every year. BIAs are entered into a
repository and are used to capture the likely and potential impact over time from events on the
organization or our processes and the criteria that will be used to quantify and qualify such impacts.
Subject Matter Experts (SMEs) from business function groups provide financial, operational,
customer, regulatory and/or reputational impacts for critical processes. This data is used consistently
throughout Cisco ONEx to define the Recovery Time Objective (RTO) and Recovery Point Objective
(RPO) for each process.
The result of this analysis is a list of time-sensitive processes and the requirements to recover them in
the timeframe that is acceptable to our organization. The BIA data is subsequently used to create or
update the Business Continuity Plan (BCP) for each business function group.
Cisco Public
Cisco
ONEx
BC Program Customer Overview
Page
5
A printed or duplicate soft copy of this document is considered uncontrolled. Refer to the
o
nline version for the latest revision.
4.4 Business Continuity Strategies
The Cisco ONEx BC team uses data that was collected during the BIA and risk assessment to
identify available continuity and recovery strategies for our operations and technology.
Recommended strategies are approved and funded by senior management. They are required to
protect our prioritized processes and meet both the RTO and RPO identified in the BIA. As needed, a
cost benefit analysis is performed on the recommended strategies to align the cost of implementing
the strategy against the assets at risk. The BIA reports are considered highly confidential and are only
shared outside of Cisco in redacted form.
4.5 Emergency Preparedness & Response
Cisco Global Safety, Security, & Business Resiliency has developed and implemented plans for
response to emergency situations that may impact the safety of our employees, visitors, or other
assets. These enterprise-wide plans are followed by Cisco ONEx.
Documented emergency response plans identify how Cisco ONEx will respond to emergencies in a
coordinated, timely and effective manner to address life safety and stabilization of emergency
situations until the arrival of trained or external first responders.
Additionally, Cisco ONEx maintains emergency contact information for incident management team
members and other key role players in business function groups.
All emergency preparedness & response documents are considered highly confidential and are only
shared outside of Cisco in redacted form.
4.6 Business Continuity Plan Development & Implementation
BCPs are sets of documented processes and procedures which enable Cisco ONEx business
function groups to continue or recover time-sensitive processes to the minimum acceptable level
within the timeframe acceptable to management.
Applicable Cisco ONEx business function groups work with the Cisco ONEx BC team to design,
develop, and implement the approved continuity strategies within their BCPs. Approved templates are
used to ensure consistency of documents. Business function groups use BCPs when responding to
an incident or event.
BCPs and other related documents are considered highly confidential and are only shared outside of
Cisco in redacted form.
4.7 Awareness & Training Programs
Cisco ONEx has developed and implemented a program to establish and maintain awareness about
the Business Continuity Management (BCM) Program and to train our staff so that they are aware of
their own role and prepared to respond during an event.
Quarterly BC Champion meetings are used to provide BCMS training and disseminate information
about the BC program. BC Champions are responsible for cascading appropriate training through
their business function group.
Cisco Public
Cisco
ONEx
BC Program Customer Overview
Page
6
A printed or duplicate soft copy of this document is considered uncontrolled. Refer to the
o
nline version for the latest revision.
4.8 BCP Exercises, Audits, & Maintenance
Cisco ONEx has established an exercise, testing, and maintenance program for the Cisco ONEx
BCMS to establish confidence in a predictable and repeatable performance of recovery activities
throughout the organization. Policies require appropriate Cisco ONEx business function groups to
conduct exercises of their BCPs on an annual basis if no real BCP activation has occurred during that
timeframe. Exercises are conducted to identify opportunities for documentation improvements and to
familiarize personnel with DR procedures. The exercises are documented in a controlled repository.
BCPs are also updated after exercises. Policies require these documents to be reviewed annually.
IT Applications are identified as required resources during the BIA process. Their criticality is
determined by the RTOs of processes that depend on them and by other criteria. Cisco IT maintains
a program for DR and BC exercises for critical IT Applications.
The tracking and documentation of these activities provides an evaluation of the on-going state of
readiness and allows for continuous improvement to recovery capabilities and ensures that plans
remain current and relevant.
Records generated from BC exercise activities are considered highly confidential and are only shared
outside of Cisco in redacted form.
4.9 Crisis Communications
As part of our Global Incident Management program, Cisco Safety, Security, & Business Resiliency is
responsible for developing, communicating, and exercising a crisis communications plan to address
how communications will be handled by Cisco before, during and after an event. Cisco ONEx does
not maintain a separate Incident Management program.
The crisis communications plan addresses the need for effective and timely communication between
Cisco and all the stakeholders impacted by an event or involved during the response and recovery
efforts.
Crisis communications plans are exercised periodically as part of scheduled Incident Management
exercises.
4.10 Coordinating with External Agencies
Cisco Safety, Security, & Business Resiliency is responsible for establishing policies and procedures
to coordinate response, continuity, and recovery activities with external agencies at the local,
regional, and national levels while ensuring compliance with applicable statutes and regulations.
These activities are performed as part of our Global Incident Management system. Cisco ONEx does
not maintain separate procedures for coordinating with external agencies.
Cisco Public
Cisco
ONEx
BC Program Customer Overview
Page
7
A printed or duplicate soft copy of this document is considered uncontrolled. Refer to the
o
nline version for the latest revision.
5 Want to Learn More?
5.1 Contact Us
Cisco ONEx is proud of its BCMS. We share our best practices at BC industry conferences and
are happy to answer questions and provide additional information you may need. Please ask
your account representative to route your request to our Customer Information Clearinghouse
(customer_compliance@cisco.com).
5.2 Other Resources
The Cisco ONEx BCMS is modeled around the Disaster Recovery Institute International (DRII)
ten best practices. Their website (www.drii.org) has a wealth of information about BC and DR
planning.
