3

WILLIAM D. PATTERSON - CURRICULUM VITAE

01224316569/07892893687
Wdp1951@gmail.com

SPECIALTIES
•Business Continuity/Disaster Recovery
•Emergency Management
•Risk Management
•Management of large, complex projects within rigid time, resource, and budget constraints
•Security(both physical and IT)
•Training

INDUSTRY EXPERIENCE
Finance/Banking/Insurance Telecommunications Government Training E

QUALIFICATIONS: B. Sc. Economics (Hons)

INSTITUTION: Institute of Civil Defence and Disaster Studies (Fellow), Emergency Planning Society
Institute of Management and Production

Brief outline of what I can offer the client

• Extensive knowledge of industry best practice and standards re risk management throughout the world
• Strong business(originally an Economist) and technical focus ensuring cost effective IT solutions for my clients
• Adept at dealing with multicultural environments
• Extensive experience in fields of Finance, Government, and Telecommunications
• Experienced in dealing at Senior Management, Board and Ministerial Level
• An ability to communicate on the same wavelength as finance depts
• Proven track record in staff motivation .
• Excellent knowledge project management methodologies, controls, tools & techniques.
• Thorough knowledge of Corporate Governance, Risk, resilience and reporting legislation throughout EU, UK, and USA
• Extensive Crisis Management experience
• Twenty plus years with responsibility for Business Continuity/Disaster recovery strategy and design .
• Many years experience setting up and running datacentres
• I have developed and delivered training courses on:
• Business Continuity and Disaster Recovery
• Corporate Governance Risk Resilience and Reporting(addresses FSA, Basel II, SOX, NYSE446, Combined code etc)
• Ensuring resilience in investment banking infrastructure and practices
• Risk Management(12 modules)
• Project Management
• Negotiation Skills
• Management of Data Processing organisations
Which I have delivered throughout the world. I am willing to make these available on a none exclusive basis to my employer
.

1
 CAREER HISTORY
Feb 2010 Advising UAE client with respect to “salvaging” major fixed price disaster recovery contract that they
are committed to in the oil and gas sector in Abu Dhabi which is many months behind schedule and
currently loss making.

Dec 2009 Developed resilience service marketing strategy and Business Plan for major UAE based professional services
group. The business objective is their becoming competitive vis-a-vis the big 4 and major hardware
vendors(EMC,HP,IBM etc) in the resilience sector of the Middle Eastern market within a three year period

2009 Turkcell Consultant

Provided off site Contingency planning for Pandemics advice to Turkcell (largest mobile telephony
operator in Turkey). Produced “Pandemic Planning Guide for Telecomms Carriers”

2009 Jephson H.A. Consultant/Manager

• Conducted Business Impact Analysis on business critical systems

•In conjunction with regional directors and business system owners determined Jephson’s IT and
departmental work area requirements in the context of corporate medium term plan
Full costing analysis and creation of business case
Audited the resilience of Information Technology systems, throughout the JHA group
Developed new BC/DR strategy consistent with a Recovery Time Objective of one hour and recovery point objective of 20 minutes.
Conducted RFI process and contract negotiations with shortlisted suppliers
Developed Project Management and Implementation Plans.
Designed datacentre conversion at Northern Regional Office
Evaluated existing third party DR strategy, hosting contract and alternative suppliers
Advised on contingency planning for pandemic
Environment Sun mid range, EMC Clarion, Citrix, Dell Poweredge, Wintel , Cisco. VMware, Navisphere,
Oracle Financials, MPLS, BS25999,ITIL

2008 HMRC - Aspire Programme Consultant

As part of the Security, and Risk Management function:
• Undertaking risk assessments on the Contact Centre Telecommunications Support Function, HR,
Communications, and Contract Management departments.
• Carrying out Business Impact Analyses and developing Business Unit Recovery Plans for
critical HMRC systems (HR, Communications, Telecommunications support to
28 Contact Centres, Solutions Delivery Operations, Commercial and Contract Management)
plus other less critical development and support functions. Plan development had to comply with
BS25999
• Advising on testing procedures including migration of staff/ equipment between production and
Disaster Recovery locations. Heavily involved in test .
Developed Enterprise Wide Location Recovery Plans
Developed BC/DR awareness presentations to be implemented throughout Her Majesty’s Revenue
and Customs Department
Environment IBM Z990, HDS 9800, 9600 San, EMC SAN, Cisco, DMX, SRDF, MPLS, Mid range, Sun, Unix. Oracle
Financials, Websphere, Test Director, ITIL,BS25999 OGC

Feb 08 – Dec 2008 CITC - Saudi Arabian Telecommunications Authority, Riyadh, Saudi Arabia
(Oct-Dec offsite)
Role Subject Matter Expert - Business Continuity/Disaster Recovery Consultant/Security
As a result of action by the Ministry of the Interior(MoI), in 2007 CITC, decided to define the obligations of the
telecommunications licence holders with regard to Disaster Recovery; Business Continuity; and compliance
with world standards( ISO27001/27002, BS17999, and BS25999) It consequently awarded a contract to A. D.
Little who assigned W.D.Patterson as SME to :
• Benchmark 12 countries as regards industry best practice in emergency situations.
• Benchmark Telecommunications best practice in War scenarios. The Saudi’s understandably are
extremely conscious of the risk of middle eastern wars. Hence the benchmark which examined the
impact of Hezbollah- Israeli war on Lebanese telecom, Wars in former Yugoslavia, and the Gulf wars,
addressed telecomms usage in wartime; network resilience; and physical security of key buildings.
• Analyse worldwide risk management and BC/Service continuity regulations/guidelines (SOX, Basel
II,BS25999,NYSE Rule 446,combined code,FSA, ITIL). Conduct Gap Analysis of current status of
Saudi Telecommunications against same.
• Conduct BC/DR/Security audit of existing and new Telecommunications operators in the
Terrestrial, Mobile, IP and Satellite sectors of the Telecommunications industry

2
 • Create industry best practice guidelines (to be translated into legislation) on risk and disaster
Management to apply to the Saudi Arabian Telecommunications Industry.
• Advise Saudi Arabian Interior Ministry and CITC on emergency communications in natural disasters.
This included secure wireless access, TETRA, IP communications, first level responder
interoperability, and Telephony prioritisation.
• With the dependency of the growing Saudi finance sector on IP services, specifically address resilience
of IP telecommunications in this sector.
• Advise on flexible resilient telecommunications to be made available to humanitarian and relief
Organisations in the immediate post disaster situation
• Develop Standards on physical security to be applied to all key buildings in the carriers
network(offices, MSC, BSC, Data Centres, Earth Stations, Data Centres, Exchanges etc). This was to
address all critical threats including natural disasters(notably earthquakes, Dust storms and flooding),
civil unrest, terrorism and war
• Advise on the appropriate technological solutions to ensure network resilience
• Provide guidelines as regards industry best practice on Information Security and Risk Management to
apply to the Telecommunications Industry at enterprise level
• Advise on ensuring compliance with ISO27002 and ISO 17799 by the Telecommunications industry
and supply chain. Advising CITC re resilience and security of its own web based systems
• Advise on setting up Enterprise Security Programme, Enterprise Security Strategy, and Computer
Security Incident Response Team across CITC
• Advise on physical security and counter –terrorism. Ensuring that it was incorporated in
Network rollout
• Advise on infrastructure resilience for networks and datacentres in the telecommunications industry
• Advise CITC(Board Level and Senior Technical Level) on Crisis Management and Business
Continuity Planning practice and structure to be applied within CITC itself

The report has been translated into legislation which now applies to the Saudi Telecommunications industry

July- December 07 Developed “Corporate Governance, Risk, Resilience and Reporting” training course. This course incorporates
an analysis of the key Governance regimes in the UK(addresses Combined Code, FSA, Corrigan3,Turnbull, Smith
and Cadbury), EU(Basel II), USA(SOX,NYSE446) both from a theoretical and “hands-on” perspective.

January 07-Jun 07 National Commercial Bank. Jeddah, Saudi Arabia

Role Business Continuity/Disaster Recovery Expert/Manager
EMC are one of the world's largest storage Area Network Specialists. They have a contract with the National
Commercial Bank to develop a comprehensive business continuity platform for the bank. I was a senior consultant.
Specific responsibilities included:

• Developing Disaster Recovery and Business Continuity plans for the Treasury Division
of the National Commercial Bank of Saudi Arabia. These were compliant with the Basel II High
Level Principles on Business Continuity and the draft BS25999 standard. They involved relocation
of staff to Disaster Recovery offices that I had managed the fitting out and testing of.
• Advised NCB Business continuity Dept on implications of draft BS25999 in context of
SAMA regulations
• In charge of testing Treasury division DR/BC plans both desktop exercises and actual tests
• Developed resilience solution for Treasury division call recording and CTI service .
• Reviewing information security
• Conducted in depth Risk Assessment of HR, Facilities, Telecommunications and IT support
functions .
• Advised on data centre design security and safety
• Advised on counter terrorism
• Audited voice telephony and VOIP as part of Risk assessment of Telecommunications
• Audited Saudi and Bahrain call centres from a resilience perspective
• Audited Wide Area Network, LAN and third party Satellite services.
• Conducted in depth Risk Assessment of HR; Facilities;and Information Technology ;Security; &
Telecommunications.
 The facilities assessment focussed on the buildings, infrastructure(power, air
handling,space, floor loadings , equipment monitoring etc) logistics and safety.
Given the middle eastern situation much attention was paid to security against terrorist
attack. In depth building(and surrounds) security design guidelines were provided
to NCB based on a combination of worldwide standards, and the authors
personal experience.
 For the Information Technology assessment analysis was undertaken of systems and procedures.
Focus was given to. project risk management(using tops down approach), change
and incident management.

3
  A key component of the audit related to IT Security. The areas of greatest concern
were mobile computing, internet security, interface to change and incident ,management
and external customer focussed systems. With regard to the latter given
the dependence of the NCB on E- Commerce considerable attention was given to
security of their portal based systems(online banking etc).
The review highlighted major exposures which could have allowed fraud to
take place on a massive scale. Remedial actions were recommended which should
prevent future fraud.
• Developed Disaster recovery strategy re data telecommunications networks
(terrestrial, Satellite) and voice( Avaya PABX, Some terrestrial, IVR, VOIP) based
on the results of a risk assessment. This was complicated by the Reuters satellite
market data services which used proprietary hardware and software with support out
of Austria. The report highlighted major exposures as regards single points of
failure and where possible(not always as Saudi Arabia has a single Telecoms supplier)
provided costed and resourced solutions

The review highlighted the need for Risk Management and Business Continuity to be embedded in the
culture of the organisation.

• Advised on security and emergency response at branches of NCB’s retail arm

• Project Managed resilience awareness campaign
Environment Superdome, Mid Range UNIX, Windows NT, EMC Symmetrix DMX, SRDF, Evergreen(BCplanning tool) ,
Oracle Financials, Websphere, Veritas Netbackup Kondor,Reuters, Blomberg, ITIL, Basel II,
BS25999, BS17999, ISO27002

November 2006 Co Host ,Main Speaker and Facilitator at Pandemic Planning Conference
held in Belfast which was attended by senior management(up to Asst Director level)
representatives from Office of the First Minister, Northern Ireland Housing Executive,
Belfast Resilience, and Social Welfare Department.

Jan 2006 - Nov 2006 HVR Consulting Services

Role Senior Principal Consultant – Risk Management Practice
Key activities were:
Training:
• For the National Standards Institute of an EU country developed a Course on
Risk Management which addressed the subject from a hands on perspective but also
focused heavily on the extension of regulatory scrutiny (Sarbanes Oxley,
NYSE446, Basel 2 Principles, Combined Code etc) in relation to risk management
in the financial sector
• Developed training courses tailored to regional Fire Service DR/BC requirements
• Developed training courses for local authorities re their obligations under the Civil Contingencies Act
20.
• Developed a 12 module Project Management course on behalf of the Ministry of Commerce of an EU country
Developed Risk Management training course(using REMIS and ARM) for Shetlands Islands Council

Consultancy
• Developed a generic disaster recovery/business continuity strategy for a major European
mobile Telecommunications carrier(GSM,GPRS) addressing all aspects of business including
retail outlets and Call Centres.
• Reviewing the Plans prepared by a major shipping company for Business Continuity and
Disaster Recovery at their worldwide offices(45 in total).
• Advising defence client on Disaster Recovery and Security implications of VOIP
• Reviewing Major Emergency Response Plan for Northern Ireland Housing Executiv

Business Devt
• Undertook business development with commercial and Government clients in the EU providing
Consultancy expertise in Business Continuity, Project Management, and Risk Management.
• Arranged security consultancy for 50+ off-shore oil rigs in the UAE
Environment IBM A/S400, Unix, Windows 2000

2005 European Patent Office Consultant/Programme Manager

Concurrent with my role at RBoS I won contracts at the European Patent Office (EPO).The objective of the
initial contract was a resiliency audit of critical systems, datacentres and communication hubs at the Rijswijk
and Munich
The audit report incorporated an in depth risk analysis of the EPO's datacentres, networks, infrastructure, and
culture highlighting exposures and proposing solutions (along with their associated resource/time commitment).

4
 The Audit Report was presented to selected Board members in September 2005. It confirmed
their belief that the existing DR strategy was severely flawed. Consequently I was commissioned to produce a
new Disaster Recovery Strategy for the EPO with specific focus on the Rijswijk and Munich operations. An
integral part of the strategy was the sourcing of a third Dutch data centre and the migration from the existing
inadequate Rijswijk DR centre to this centre. The strategy incorporated a major change in wide area network to
eliminate distance issues with replication.. Radical solutions were proposed re storage management, X series
virtualisation, and networking across the three main sites (Rijswijk, Munich and Vienna). In addition to
developing the strategy the report provided a tactical level guide, including, as appendices, detailed data centre
migration plan , revised WAN(before and after), logistics plan for supply/distribution chains and application
migration schedules. The report, in a sanitised form was presented to the EPO's Administrative Council. A high
proportion of the strategy has been acted upon

The scale of the assignment, can be assessed from:

• The internet based filing and search systems of the EPO generate revenue in excess of 400million
Euro per annum
• The annual operating budget for Disaster Recovery/ Business Continuity related activities
• Network of sites in 20+ countries with major data centres in Rijswijk, Munich, Vienna

Although the technical component of the role was very significant, at least as critical was stakeholder
Management given the multi ethnic and highly political nature of the EPO board
Environment IBM Z990, IBM P Series, X Series, Windows NT, Multiple HDS9980 SAN(92 terabytes),
IBM3494VTS, GDPS/PPRC,GDPS/XRC, Oracle, Websphere,Netbackup, Legato, ITIL ,Prince

2004 – 2005 Royal Bank of Scotland Consultant/Project Manager

Prior to a successful integration of RBoS and Churchill's systems an audit/gap analysis of the
DR/BC/Security capabilities of Churchill’s systems against RBS Standards and Operating Principles
and FSA Regulations/Guidelines was required. Where gaps were identified I:
Developed the technical disaster recovery/business continuity solution
Project Managed solution implementation into the RBS Insurance Service environment.
Tested BC and DR solutions prior to their being accepted into production
Environment IBMZ990, Compaq Mid Range, multiple EMC,&HDS 9800 SAN, Cisco, MPLS, Unix, Windows NT, SRDF,
Netbackup, ITIL

2003 KBR Programme Manager/Technical Architect - Infrastructure

Duties KBR were appointed Programme Manager for the NPfIT programme. I was recruited as a
Programme Manager
With the lack of technical expertise within KBR , I additionally undertook the roles of:
• Technical Architect for the Infrastructure Group (MPLS, IP, plus legacy ATM, SDLC,X25
network architecture, Call Centre/NHS Direct).
• Project Manager on the Electronic Booking and Electronic Prescription projects
• Advising on information security( application or network level encryption)
• CRAMM threat/risk analysis of the Electronic Booking and Electronic Prescriptions project
• As part of the central spine(National Customer Database) tender creation team I provided a risk
management, security (BS7999 compliance )evaluation and DR/BC consultancy function.
• Co Programme Managed(with NHS Manager) upgrade of network to 3,000 doctors surgeries.
This upgrade involved a significant logistics planning component because of the physical
number of surgeries, the need to minimise risks to the doctors surgeries and patients(as part of the
implementation strategy a thorough risk management process using CRAMM was undertaken).
• Evaluated tenders for a new Email system for NHS
• Advised on system resilience and disaster recovery

2001 2003 Orange Netherlands Programme Manager/Business Continuity/Disaster Recovery Expert

Dutchtone is the third largest GSM network provider in the Netherlands.
Project Management Methodology PRINCE. Service delivery to ITIL standards.
My main achievements were:
• Project Managed the 22 million Eu Network Quality Improvement Project with responsibility
for improving quality of BSS, NSS, MSC, and Access Network Services.
• Developed a disaster recovery strategy addressing GSM,GPRS(Nokia/Nortel), core networks,
call centres and extending to IT systems including the BSCS billing system. This was
developed after undertaking a risk management assessment of Dutchtone’s commercially critical
and politically sensitive systems.
• Developed Crisis Management Strategy and procedures. Set up Crisis Management Command
and Control Centre
• Developed Disaster Recovery/resilience strategy for Dutchtone Call Centres
• Netherlands representative at Orange Group(25 countries) Business Continuity Centre of Excellence

5
• Developed Business Continuity strategy and plans for Billing(BSCS), Mediation, and
Customer service(Vantive( system
• Conducted disaster recovery tests at the Den Haag MSC and Computer centres of IT systems,
Mobile Network Switching and environmental hardware( Generators, UPS, Air Handling etc).
• Implemented remote working for my department and for key Dutchtone executives to
facilitate continuity of service in a disaster which denied access to the datacentres and offices
Advised on consolidation of data centres across the Orange Telecom Group
Dutchtone delegate at the Nacotel joint Government- Telecoms industry working party
Environment Mid Range Unix, Windows NT, Ericsson MD110, Alcatel & Nortel GSM switches, Nokia 3G switches
Cisco IP Switches, Prince 2, ITIL, PRINCE, Primavera, MS Project,BSCS .
.
1994- 2000 Omega Project Management Managing Consultant
Major assignments were:
2000 Telstra - Project Director – PlanIT

The replacement for Telstra’s Cable Plant Record System which addressed maintenance and fibre
Installations was in crisis when I took control. It was 18 month behind schedule and significantly over budget.
I pulled the project round to a level where it could be handed over to IBM(Telstra's had outsourced in
The interim) to finish the rollout.

1999 –2000 Vodafone Australia Disaster Recovery/Business Continuity Manager

Developed and implemented the DR/BC Strategy and plans for the Billing and Customer care system of
Australia’s largest GSM operator. The BC component of the design was critical as the Amdocs Billing system was
supported out of Israel. On site support was on occasions withdrawn at minimal notice as a consequence
of the Middle East situation.
The role involved:
• Audited Vodafone's Datacentres and NOCs from a risk, resiliency and physical security perspective.
Advised major improvements which have proven themselves during periodic bushfire alerts( the Victoria
Centres are particularly exposed)
• Conducted a Threat Analysis and Business Impact Analysis on the Billing and Customer Care systems.
• Set up a crisis management strategy, organisation, and Command/Control centre
• Developed a comprehensive Disaster Recovery Plan for the Billing and Customer Care systems
• Sourced and fitted out a second NSW datacentre for use as a hot standby DR Centre. This allowed
a long term triangulation strategy to be followed incorporating the Melbourne Datacentres
• Conducted formal DR/BC tests of applications, datacentre recovery, and call centres
• Developed DR plan for Vodafone call centres.

1997- 1998 Advantra Programme/Senior Project Manager

Managing a programme of 17 projects for IBM and outsourced clients.
Achievements:
• Replacement of Ericsson MD110 PABX at sites throughout Australia with Lucent Definity
• 15 of 17 Projects were delivered to time and under budget The two that failed to meet the timeframe were
delayed as a result of IBM's insistence on using RS6000 hardware for firewalls even though they had a five month lead time.
• Joint PM on implementation of SAP across IBM and Lend-Lease
• Conducted information security penetration tests at Mercantile Mutual, and ENZ Australia
• Evaluated Project and Risk Management practices. Mentored staff on industry best practice
• Savings in excess of $1,000,000 as a result of mentoring on Negotiation Skills

1996 – 1997 Optus Communications, Programme Manager

• Managing digitisation of Optus satellite services($19.6 million budget).
• Advising on pre contract procurement process for new military/civil satellite.

1994- 1996 Qantas Senior Project Manager

Integration of Finance subsystems(OLAS, EDI, etc) of the former Australian Airlines
with the MVS production subsystems of Qantas.
• Managing the communications component of the $150 million Qantas Universal Business
Environment world wide rollout.

1992 – 1994 Sabre Systems – Project Management Consultancy - Consultant

Main assignments were:
1994 - 1994 New Zealand Employment Service -Project Manager
Project management of the Employment Subsidy Management System

1992-1994 Telecom New Zealand -Project Manager

6
 Managing the implementation of the Vision 0800 project. This encompassed billing,
customer care and management reporting Controlled the extension of Vision 0800 to cover
Toll 0900 customers.

1993 Radiola (formerly AWA New Zealand) - Project Manager

Managing time critical development of Meatworks control system

Sep 91 - Nov 92 Equipment Remarketing Australasia

A computer broking and consultancy company which I was CEO.ERA carved a market niche as a supplier of used
Unisys computer equipment. It also supplied clients with gas turbine generators and specialist negotiating skills

Aug 90 – Dec 91 Department of Social Welfare Senior Technical Services Manager

I was brought into DSW charged with bringing “commercial logic” into IT, improving the quality

of end user services, improving departmental productivity and reducing costs.

As a divisional manager I ensured that all the high priority objectives of the division were achieved
within budget.
I was able to save DSW in excess of $3,000,000 in those negotiations I personally conducted on behalf of the
Information Technology Service Centre and a further $600,000 on behalf of other sections of IT within DSW.
Although divisional manager I took personal responsibility for :
o Project managing the design sourcing and fitting out of DSW Disaster Recovery centre. This
Included ensuring that physical security was compliant with worldwide best practice
o Implementation of comprehensive risk management practices
o Development of comprehensive Business Continuity Plans for all key DSW information
Technology systems
o Enhancing security of IT systems to reduce opportunities for benefit fraud
o Selection of Network Hardware
o Rationalisation of DSW Networks . This resulted in annual savings of $600,000
o Whilst fitting out the DR Centre with hardware I negotiated what was then the world's
largest second user Unisys A series contract (circa $8,000,000)
o Resilience / Disaster Recovery of DSW Call Centres

Oct89-May90 Databank Systems (NZ Clearing Bank) Project Manager

Managing the automation of MVS, CICS, and IMS subsystems; Creation of Project Management
Methodology

NORTHERN HEMISPHERE

From 1976 – 1989 I managed major programmes and projects for

ICI(2 projects); Midland Bank; National Bank of Kuwait (UK and Kuwait); IMSData (Germany);Xerox(2 projects)
UK Post Office;Hadeed(Saudi Arabia); National Housing Trust (Jamaica) .These were regularly achieved on time and budget.