1 Business Continuity and Disaster Recovery Tabletop Exercise Presentation Content Provided by the Association of Contingency Planners (ACP ACP) Dr. Ed Goldberg, CBCP ACP Education Director
2 Hurricane Isaac
3 Why worry these things happen so infrequently. Hurricane Katrina, 8/29/2005 Hurricane Isaac, 8/27/2012
4 Hurricane Katrina Simple Case study & timeline Landfall in southeast Louisiana as a category 3 hurricane 8/29/2005. Entergy New Orleans filed for bankruptcy 9/23/2005.
5 What went wrong? Why bankruptcy? The local utility is a great example: don t utilities plan and prepare for such things? A tale of a power company tells an underlying story.. When a system is damaged extensively, there s insurance, loans, recovery of prudent costs, etc. If the COMMUNITY is gone, there is no current or future source of revenue, therefore no loans and no resources The COMMUNITY is reliant on its businesses for its very existence There are 28 million small businesses in the United States. How many would survive a disaster? How many have continuity plans? The New Orleans community went out of business. Even the UTILITY went bankrupt.
6 For those of you with a quantitative leaning.. 9 out of 10 companies (90%) unable to resume business operations within 5 days of a disaster are out of business within 1 year Nearly 4 out of 5 (78%) businesses faced with a catastrophe without a contingency plan are out of business within 2 years (Original source unknown; cited in innumerable reports AT&T, Agility, SBA, etc.)
7 Let s proceed as if you re convinced of the need for contingency plans for your business/organization To make you really smart, in just 10 minutes, we ll cover: What are the buzzwords? So many new, similar terms. What kind of plan(s) do I need? What are the risks? How much work is it? How do I begin? What planning help is available? Will having a plan lower my insurance rates? How does preparing myself and my family contribute to preparing my business/organization? And we ll answer your questions, address concerns, give you some good resources, etc. (What smart looks like)
8 What are the buzzwords? Business Continuity (BC) Plan a plan for performing your business/organization s critical business processes during and after a disaster Disaster some event or condition/environment that challenges your business/organization s ability to perform its critical business processes Disaster Recovery (DR) Plan the IT (Information Technology) piece of your BC plan Continuity of Operations Plans (COOP), Business Resumption Plans, Business Resiliency Plans, etc. are often interchangeable, often used by vendors or large organizations to indicate some next step above and beyond basic BC/DR plans. Business Impact Analysis (BIA) what large companies do to gather the necessary information about their business processes to begin evaluating what they need in their BC and DR plans
9 What keeps you up at night? Risk! What are the risks that would interrupt your performing crucial business processes? First, define what processes NEED to continue Then evaluate threats/risks Risks can include. Fire, flood, etc. Violence Unknown substance Data breach & other IT attacks Weather events & solar storms Crime & terrorism Regulations/compliance Social media Economy and other environments Loss of personnel Pandemic Supply chain disruption including energy (oil, propane, gas, long term power outage, etc.) Chemical or nuclear accident Sabotage, etc.
10 What kind of plan do I need? Old paradigm: DR plan only What we ve learned: Business Continuity Plan. Loss of facility Alternate worksite Supplies Communications, etc. Loss of people Source for skilled workers Help from others including competition HR help Loss of systems Computers Media Services How can one plan deal with hurricanes, pandemics, fire, flooding, workplace violence, unknown substances, etc.? All-hazards approach: Loss of facility Loss of people Loss of systems Sometimes intangibles such as reputation For the vast majority and for those just getting started, you need the basics a business continuity plan and a disaster recovery plan.
11 How much work is it? For a small business less than, say, 25 employees, a decent BCP is probably just a couple of hours of work up front, and then an hour once or twice a year to keep it fresh. Business Continuity Plans BCP s are living documents. They require a little care and feeding or they won t be very useful when needed. One piece of care and feeding is to exercise the plan(s) at least once per year. A tabletop exercise an hour or so with everyone involved with the plan should be adequate. (Office Space, 1999, 20 th Century Fox)
12 How do we get started? Coming here was a great first step We can discuss what goes into a BC plan and we will but let s make it really easy and quick.with a free (really) template. Want it electronically? OpenForBusiness_new.pdf Or type in ibhs.org and click on the Open For Business link, then on the picture of the cover (same as ).
13 What s in a BC plan? Contact info for employees (either a list or a call tree); Key vendors & suppliers info contact info, perhaps some procurement info (contracts, PO numbers, etc.) Other key contacts such as investors and other stakeholders A list of critical business functions & processes Alternate work location, recovery location or plans to work from home, etc. Supplies including the whole supply chain and things like perishables, energy (oil, propane, etc.), components of your system/work/processes, etc. Systems, machines, vehicles depends on what you need Communications stuff What IT systems you need and this becomes your IT DR plan, either in house or 3 rd party, etc. Backup data/systems and instructions on how to use it
14 What s not in your plan? TRIBAL KNOWLEDGE aka Tacit Knowledge, intuition, closely held trade secrets, etc. Why is this mentioned? If a reasonably competent person with necessary basic skills can t perform a task or otherwise engage in the work needed to continue a process, the plan(s) will fail. Remember to plan for Loss of People! You need to somehow provide for the continuance of business processes, including passing on the recipes or other trade secrets. It s not likely that you would put such detail into your BC plan, but it needs to exist somewhere, even if only in more than one person
15 What planning help is available? There are lots of options to get this done, daunting as it may seem. Do it yourself and have it reviewed by an expert volunteer Become a bit of an expert or have someone in your organization do so Hire a consultant or otherwise outsource it Big organizations/businesses have people on staff who are expert at BC/DR planning. Those people are often willing to help through their professional organizations. No organizations compete on the basis of preparedness, and so they tend to share best practices. It s in all of our best interests to be prepared companies are only as resilient as their host communities. It doesn t mean that unlimited free consulting is readily available, of course. But just as I and my company want to see you all better prepared, so too do all the other larger organizations in your community. Help is available! Where can one get volunteers to review their plans, get educated on BC/DR, network and learn from others, and even meet those who do this professionally?
16 The Association of Contingency Planners (ACP) Not for profit 501C6; National network offers online education (webinars, etc.) 42 local chapters provides educational programs ~monthly Members will review plans, make recommendations for further help The best all-around BC/DR/EM organization, including thousands of members in 45 chapters across the US and
17 What good is all this if no one comes to work post-disaster? Preparedness begins at home Each of us, our coworkers and employees need.. a kit. a plan.a way to get information (http://www.ct.gov/ctalert/site/ default.asp) Lots of resources available, and it doesn t cost much to make a kit. Can any of us afford not to be prepared?
19 EXERCISE SET-UP: SPEED DISASTERING You have exactly 5 minutes to do all of the following action items right now: 1. Quickly but without getting hurt, take all of your belongings and move to the table designated by the number on your badge 2. Quickly introduce yourselves and pick your city or town (your table will become that one city/town) 3. Assign the following roles to yourself and your tablemates: Mayor/First Selectman Emergency Management Director Fire Chief/Public Safety Director Police Chief Sanitarian/Health Director/Social Services 4. Appoint a scribe for the table. This person must take notes for subsequent exercise debrief.
20 Today is Tuesday, September 30. Current Status / Situation It is week 4 of the nationwide H7N9 pandemic All organizations businesses, government agencies, etc. are experiencing across the board 30% absenteeism. This began 2 weeks ago and is expected to continue for 4 more weeks.
21 A small, fast moving Category 1 hurricane is expected to impact all of Connecticut tomorrow (Wednesday) from 8am until noon. Discuss for 2 minutes Take notes for subsequent debrief Updated Status:
22 Status update: Wednesday The hurricane has past. Winds in your town never exceeded 70mph, and were sustained over 50 mph for only an hour The power is on in 70% of the town, including the main roads and business district(s) 10% of the roads have downed tree issues Weather is unsettled overcast, 20mph wind with gusts to 35mph, some rain, thunder, etc. Discuss for 2 minutes. Remember to take notes.
23 As is often the case during/after hurricanes, a small funnel cloud touched down The funnel cloud derailed a train in the center of the city, overturning one tanker carcarrying 10,000 gallons of hydrazine and a truck carrying an unknown quantity of propane.. All of the hydrazine leaked out within minutes Status update:
24 Everything you ever wanted to know about hydrazine but were afraid to ask Colorless, smells like ammonia Highly flammable Used to make foams, pharmaceuticals, spandex, polymers, pesticides, dyes, rocket fuel, airbags and to reduce corrosion in power plants. Yes, it is truly hard to imagine life without hydrazine. Short-term exposure causes irritation of the eyes, nose, and throat, dizziness, headache, nausea, pulmonary edema, seizures, coma in humans. Long-term exposure can also damage the liver, kidneys, and central nervous system. The liquid is corrosive and carcinogenic. It is now in your town s air, groundwater, storm drains, underground vaults and conduits, nearby wetlands, basements, etc. Discuss for 10 minutes and, again, take good notes!
Disaster Planning for Small and Mid-sized Businesses Business Continuity & Disaster Recovery Planning Presented by Ed Goldberg, DM, CBCP Manager, BC & DR Programs 5/22/2014 CBIA's Safety & Health Conference
Business Continuity Planning Donna Curran, Director Audit and Risk Management February, 2014 Agenda Business Continuity Defined The Importance of a Plan Determining the Costs Business Impact Analysis MTO,
Disaster Recovery and Business Continuity What Every Executive Needs to Know Bruce Campbell & Sandra Evans Contents Why you need DR and BC What constitutes a Disaster? The difference between disaster recovery
Business Continuity and Disaster Recovery Planning Jeffrey P. Back 2009 Oncore Associates, LLC Business Continuity Planning Business continuity planning is the way an organization can prepare for and aid
Business continuity undoubtedly is at or near the very top of every IT organization s list of strategic initiatives, considering the dramatic costs and implications of downtime. Here are some best practices
Building Economic Resilience to Disasters: Developing a Business Continuity Plan Buffalo Niagara Region February 26, 2014 Gail Moraton, CBCP Business Resiliency Manager Business Resiliency one important
Free Guide: THE FACILITY MANAGER S DISASTER RECOVERY & RESPONSE ROADMAP In 2005, as the world surveyed the damage caused by Hurricane Katrina, an oft-overlooked area of impact was the various educational
How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER
5 STEPS TO AN EFFECTIVE BUSINESS CONTINUITY PLAN Introduction The Snowpocalypse of 2015 brought one winter storm after another, paralyzing the eastern half of the United States. It knocked out power for
11 Common Disaster Planning Mistakes The world is full of risk. Floods, fires, hurricanes, thefts, IT system failures and blackouts are just a few of the incredibly damaging disasters that can and do strike
Tabletop Exercises for Executives Kathy Lee Patterson, CBCP, PMP Independence Blue Cross Defining the Tabletop Exercise Types of Tabletop Exercises Advantages to conducting Exercises Agenda 12 Step Approach
1. An Introduction This presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses. This presentation was prepared by the South Central Economic
WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and
The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them If your data is important to your business and you cannot afford to have your operations halted for days even weeks due to data loss or
Business Continuity Planning Guide For Small Businesses Prepared by the City of Vaughan Emergency Planning Department 1 Business Continuity Planning Business Continuity Planning (BCP) is a planning process
EMERGENCY PREPAREDNESS GUIDE For Housing Counseling Agencies Introduction to Emergency Preparedness Planning Developing an Emergency Preparedness Plan is one of the most important strategic decisions you
M ARKET STUDY The State of Business Continuity Preparedness Photo by Sergey Nivens Fotolia.com By STEPHANIE BALAOURAS Forrester Research and the Disaster Recovery Journal have partnered to field a number
Disaster Recovery: Helping Non-Profits to Plan, Prepare & Recover By: Lynn Do It is Prepare to Ensure Business Continuity A way of doing business and continuing to stay in business in the event of a disaster
Building Economic Resilience to Disasters: Developing a Business Continuity Plan March 31, 2014 Gail Moraton, CBCP Business Resiliency Manager Business Resiliency one important piece of the IBHS plan for
Business Continuity Planning for Schools, Departments & Support Units 1 What is Business Continuity Planning? Examples Planning for an adverse, major or catastrophic event that would cause a disruption
1 IF DISASTER STRIKES IS YOUR BUSINESS READY? DISASTER RECOVERY and BUSINESS CONTINUITY: WHAT YOU NEED TO KNOW Realize the Power of Technology Many business owners put off disaster planning, perhaps thinking
Crisis Communications Planning The Keystone of Disaster Recovery Response Today s Presenter: Bob Boyd, President & CEO, Agility Recovery Solutions For copies of today s slides, please visit: http://agil.me/2013npmwebinar3
Emergency Preparedness for Design Firms RLI Design Professionals Design Professionals Learning Event DPLE 244 September 16, 2015 RLI Design Professionals is a Registered Provider with The American Institute
Beyond Effective Security The Art and Science of Business Continuity Planning Fred Young, CIPM, CRM Executive Director Risk Management RE/MAX International Holdings, Inc The Wildlife Experience Business
WHY BUSINESS CONTINUITY PLANS FAIL 12 COMMON CAUSES AND HOW TO PREVENT THEM By Keith Erwood The ProtectEr, CEO and Principal Consultant The Continuity Co., LLC All material in this report is the property
The Importance of Having a Plan: Business Continuity 101 August 5, 2015 Gail Moraton, CBCP Business Resiliency Manager Nashville, TN 2 IBHS Mission: To conduct objective, scientific research to identify
Building a strong business continuity plan Protect your clients and firm with a well-planned business continuity plan A solid business continuity plan (BCP) is about more than simply staying in compliance.
DOES YOUR BUSINESS CONTINUITY PLAN ADDRESS AN EVENT LIKE EBOLA? The degree of spread of Ebola in the months ahead is uncertain. In the unlikely event of a worst- case scenario, can your organization meet
Disaster Recovery Best Practices & Lessons Learned Paul Sullivan, VP & General Manager Agility Recovery For Audio: (1) Listen through PC speakers, OR (2) Dial 609 318 0024 and use access code 342 984 630
Building an effective Tabletop Exercise Presented by: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services 3/26/2013 #1 Continuity Plan Testing Flowchart 3/26/2013 #2 1 Ongoing Multi-Year
Information Disaster Recovery Plans Session 1 4.2.2 Business Continuity Plans Part 1 Visit the GPA website to: Register for GPA webinars Subscribe to our free enewsletter Download accreditation resources
You Can t Sue a Disaster. Assess your risk, plan for disruption, protect your firm Speaker Bios Stacy Colvin Partner Hunton & Williams LLP Practicing law since 1993, Stacy advises on the development and
Backup & Disaster Recovery Backup & Disaster Recovery You already know that a security breach could cost you loss of critical data, your customers, your reputation, and even your business but do you know
Small Business Continuity Workshop Region 3- Maryland August 20, 2015 Housekeeping Emergency Procedures Restrooms Distractions 2 Workshop Agenda 9:00 AM Introductions & Objectives 9:15 AM Recent Maryland
EVALUATING YOUR DISASTER READINESS? START WITH YOUR RESPONSE MANAGEMENT VENDOR Business Continuity and Disaster Recovery: Best Practices for Successful Planning What would happen to your organization if
JUMP START DISASTER RECOVERY PLAN FOR HOSPITALITY Introduction In the hospitality industry, a disaster recovery plan (DRP) is a key part of smart business. A DRP can help you protect guests and employees
Availability and Disaster Recovery: Basic Principles by Chuck Petch, WVS Senior Technical Writer At first glance availability and recovery may seem like opposites. Availability involves designing computer
Disaster Recovery For Business Owners Practical Guidance for a Critical Operation With 57% of small to medium-sized businesses (SMBs) having no formal disaster recovery plan (Symantec, 2011), and 52% believing
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
The Content Experts WEBINAR HIGHLIGHTS What if your Disaster Recovery Plan were put to the test? July 22, 2015 SPONSORED BY Held on July 22, 2015, this webinar on disaster recovery was facilitated by Jim
Business Continuity Planning in the Mountain Parks The only thing harder than planning for an emergency is explaining why you didn't Objectives General overview of Business Continuity Planning (BCP) Why
Constructing a successful business continuity plan By Alan Berman Alan Berman Being prepared is the cornerstone of having a business continuity plan regardless of the size of a company. Ultimately, getting
Putting all of your pieces in place Continuity Planning for Nonprofit Organizations ...when natural or man-made disasters strike, nonprofit agencies must be positioned to continue providing services when
Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why
University of North Carolina Wilmington CONTINUITY OF OPERATIONS PLANNING November 9, 2010 Lumina Theater, Fisher Student Center Development of Continuity Planning University of North Carolina Wilmington
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
How to Design and Implement a Successful Disaster Recovery Plan Feb. 21 ASA Office-Administrative Section is Sponsored by Today s ASAPro Webinar is Brought to You by the How to Ask a Question Questions
Business Survival: Disaster Recovery Basics June 27, 2012 Dial In #: 951 266 6120 Access Code#: 271 510 366 Prepare to Survive. Agenda Agility s History & Business Model Unique Approach to Business Continuity
Oncor Storm Restoration Questions/Answers Oncor understands that electricity is an essential service to today s businesses and homes, and loss of power places a significant burden on everyone. Oncor performs
E3 Training 162: 10 Steps to Preparedness Course Instructor: Emily Nelson-Crain, VP of Member Services, Agility Recovery Thank You for Joining Us, The Webinar Will Begin Shortly. 2010 WIPP All Rights Reserved
BUSINESS CONTINUITY PLANNING GUIDELINES Washington University in St. Louis The purpose of this guide is to serve as a tool to all departments, divisions, and labs across the University in building a Business
Contingency Planning & Disaster Recovery The Role of the Records & Information Manager Katherine Jonelis, BCP/Records Specialist SCF Arizona SCF Arizona SCF Arizona is the leading provider of Arizona workers'
Disaster Planning & Recovery: SHRM Resources Shelly Trent, SPHR; SHRM Field Services Director 2012 Disaster News Millions without power in India Wildfires in Colorado Springs Mass shootings in movie theater
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
University of Illinois Springfield Business Continuity Planning 0 Description of Continuity Planning We want to be able to do tomorrow what we were doing yesterday no matter what happens today. 1 Key Terms
It can help grow your small business and cut cost where you never thought possible. Contents Introduction Cutting Cost Saving Time Creating a Competitive Advantages Conclusion 3 4 9 12 13 2 Title of the
A UBM TECH WHITE PAPER JUNE 2013 How the Cloud and Mobile Technology Can Help Organizations Develop a Stronger Business Continuity Strategy Many companies, particularly small and midsize ones, aren t making
NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: December 2001 LETTER NO.: 01-CU-21 TO: SUBJ: ENCL: All Federally Insured Credit Unions Disaster
Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.
Clinic Business Continuity Plan Guidelines Emergency notification contacts: Primary Role Name Address Home phone Mobile/Cell phone Business Continuity Plan Coordinator QSP Business Continuity Plan Coordinator
for Human Service Providers Scott Ellis Scott Elliott Erin Sember-Chase 1 Goal The purpose of this webinar is to increase awareness and knowledge about the need for disaster/emergency continuity planning
Good Security Good Business Good Security Good Business Attorney-General s foreword Small business plays a crucial role, not only in our nation s economy but in Australian society. We often make decisions
Preparing for the Unexpected Myrtle Beach Area Business Disaster Recovery Symposium January 30, 2015 5 Key Recovery Issues Contingency Planning Association of the Carolinas Steve Shupe, MBCP 1 1. Communications
BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS Disasters happen. Don t wait until it s too late. OVERVIEW It s inevitable. At some point, your business will experience data loss. It could
Healthcare Disaster Recovery Long Term and Residential Care: Can you really count on your Supply Chain Partners? Ralph Petti, MBCI, CBCP President, Continuity Dynamics, Inc. Wilmington, DE & Basking Ridge,
Boston Financial Data Services Business Continuity Executive Summary Boston Financial continues to maintain an active business continuity program that effectively supports the ability to survive a disruption
Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business www.integrit-network.com Business Continuity & Disaster Survival Strategies for the Small & Mid Size Business AGENDA:
FACILITATOR GUIDE ACTIVITY: COMING HOME AFTER A DISASTER Purpose: The purpose of this activity is to educate individuals and families about what to consider after their home has been damaged after a disaster
MANAGED IT SERVICES Could a Managed Services Agreement Save Your Company Tens of Thousands of Dollars Each Year? A lot of business owners, executives, and managers have a love-hate relationship with managed
THE NEXT EVOLUTION IN BUSINESS CONTINUITY PLANNING Presented By John M. Stagl, CBCP BELFOR Planning Fundamentals! Three Levels of Business Planning " Strategic Goal You Wish To Accomplish " Tactical How
The handouts and presentations attached are copyright and trademark protected and provided for individual use only. READINESS RESOURCES American Bar Association -- www.abanet.org Disaster Recovery: www.abanet.org/lpm/lpt/articles/slc02051.html
Emergency Preparedness: 1 Minimizing and Controlling Future Disasters October 7-8, 2013 Presenter: Marna Hayden, SPHR Hayden Resources Inc. www.haydenhr.com Learning Objectives How to develop emergency
STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 AGENDA: Emergency Management Business Continuity Planning Q & A MONTH DAY, YEAR TITLE OF THE PRESENTATION 2 CANADIAN RED CROSS Disaster
Annual Continuing Education (ACE) (Print version) Emergency/Disaster Management Emergency/Disaster Management The information in this module is appropriate for all AHS employees to review and partially
Assess, Adjust, Improve An LXI Publication Page 1 of 11 Your company's ability to recover is a high priority. In a survey by Contingency Planning & Management Magazine of 1437 contingency planners, 76%
Clinic Business Continuity Plan Guidelines Published: January 2015 Table of Contents Emergency Notification Contacts Primary... 2 Emergency Notification Contacts Backups (in case primary is unavailable)...
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
Emergency Management Business Continuity Template The Regional Municipality of Wood Buffalo would like to give credit to the Calgary Emergency Management Agency (CEMA) and the Calgary Chamber of Commerce
1 This document contains the text of Secretary of the State regulations concerning Emergency Contingency Model Plan for Elections (Sections 9-174a-1 to 9-174a-34) This document was created by the Office