BUSINESS-OPERATIONAL CONTINUITY PLANNING
|
|
- Howard Tyler
- 8 years ago
- Views:
Transcription
1 BUSINESS-OPERATIONAL CONTINUITY PLANNING Glenn F. Epier Science Applications International Corporation 1213 Jefferson Davis Highway, Suite 1500 Arlington, Virginia ABSTRACT: U.S. federal and state regulations require industry to develop and maintain detailed crisis and emergency response plans. These plans are, for the most part, well thought out and detailed. As a result, along with extensive training and exercise programs, industry preparedness is better than it has ever been to respond to and manage an emergency. But how well prepared is industry to handle the business or operational continuity aspects of a crisis or emergency? What plans are in place to deal with the requirement for continuing essential business functions in the face of a disaster? If a major incident occurs to a refinery, terminal, or offshore production platform that requires it to be taken off-line, or damages it beyond repair, are there plans in place to minimize the impacts on the rest of the organization and on the downstream customers? How will this be done simultaneously while managing the response? This paper addresses those needs and discusses the requirements that companies in the oil and chemical industry should consider in developing business and operational continuity plans. It explains a multi-step planning process that is being used by many companies around the world to maintain their business edge when a crisis or disaster strikes. This planning process includes such functions as conducting a risk analysis and business impact analysis, developing mitigation and recovery strategies, drafting a continuity plan, developing an awareness program, and building a training and exercising program. The paper also looks at the similarities between business and operational continuity plans and a company 's emergency or crisis management plan and address ways in which the plans may be integrated. Introduction Managers and executives at all levels of a company are paid very well to manage crises and disasters and often do so on more occasions than they care to remember. While not all of these incidents are newsworthy, industry is no stranger to incidents with the potential to disrupt an organization's income sources, operating expenses, stock price, competitive position, and ongoing business, not to mention potential governmental intervention and regulatory changes. The refinery, pipeline, offshore platform, or oil terminal is a profit center in today's business world, yet many corporations do not focus business continuity planning efforts in these locations. Many corporations today that rely on their particular facilities to generate and maintain a certain level of business are overlooking the importance of business continuity planning for facilities and other infrastructure. This problem primarily is due to most plants and facilities not having experienced the level of crisis or disaster where long-term business viability and success are called into question. So how well prepared are most organizations to handle the business and operational aspects of a crisis? How much training and exercising in the area of business continuity and business resumption is being conducted by these organizations? In every major environmental incident, there is always the constant tug between the regulators and the stockholders each pulling the organization in a different direction to satisfy their own particular needs. When responding to a major refinery explosion and fire, or a major oil spill into one of the region's most environmentally sensitive areas, when will business issues be addressed? How should customers learn of a crisis? How will those contracts affected by the loss of that product or service be handled? Who is responsible for these issues? If customer and stakeholder needs are not met in a timely manner, will they turn on the company or abandon it? The business continuity message presented here is that it is nothing short of due diligence on the part of management to develop a mechanism that responds to major environmental disasters without losing the ability to continue the core business. Business continuity process Business continuity can be defined simply as a good business practice an effort to assure that the capability exists to continue essential company functions across a wide range of potential emergencies. Developing a business-operational continuity plan may seem like a huge task, but in actuality, it is a common-sense document that offers valuable insight into business operations. It involves identifying those functions and processes that are critical to business, then designing contingency plans to deal with the potential disruption of one or more of those functions and processes. Business continuity planning is not new. Most companies and organizations developed and exercised Year 2000 plans. Now those companies and organizations need to apply those principles and practices to potential oil and petro-chemical industry business disruptions, such as a major vessel grounding and spilling oil or refinery explosion and fire. The continual reliance on computers, databases, and other electronic information transferences will cause the concept of business-operational continuity planning to become the basis for crisis management in the twenty-first century. Government regulations motivate most companies to conduct field- or facility-level planning. For the most part, the regulations are adequate for dealing with emergencies, but adding information on continuing business operations certainly could enhance the planning effort. Most companies do not want to go beyond the planning required by those government regulations for various reasons, one of which is the higher costs associated with the additional planning effort. Not only does a company have to deal with environmental cleanup costs and liabilities associated with a 903
2 INTERNATIONAL OIL SPILL CONFERENCE major oil spill and the cost of repairs to rebuild the facility and infrastructure, but it also has to deal with potential impacts to its customer base (revenue streams) because of non-performance of existing contracts and the ability of competitors to quickly pick up this business. A well thought out plan to continue business becomes a necessity. So what is a business continuity plan (BCP)? It is a management strategy and set of procedures that defines how a business or corporation will continue its critical functions in the event of an unplanned disruption to its business activities. As with developing any type of crisis management and emergency response plan, business-operational continuity plans start with the process of defining the organization's vulnerabilities to business disruptions and eventually developing contingencies to handle those vulnerabilities (if they cannot be removed or mitigated in some fashion). The risk of potentially disastrous losses from business interruptions compels planners to use a common methodology to business resumption planning. This common approach includes ten basic steps under a program developed by the Disaster Recovery Institute International (DRII). This program has been in existence for a number of years and has proven effective in many major business disruption responses. The process outlined below by DRII is similar to the process used by the oil industry in developing crisis and emergency management plans, as explained later in this paper. These ten steps include: 1. Project initiation establishes the need for a BCP, which includes obtaining management support and organizing and managing the project to completion within established time and budget limits. 2. Risk evaluation and control determine the events and environmental surroundings that can affect an organization and its facilities adversely, the damage such events may cause, and the controls needed to prevent or minimize the effects of potential loss. 3. Business impact analysis identifies the potential impacts resulting from disruptions or facility losses that can affect a company, and the techniques that can be used to quantify and qualify such impacts. Critical functions are identified, their recovery priorities established, and interdependencies determined so that recovery time objectives can be set. 4. Developing business continuity strategies will determine and guide the selection of alternate business recovery operating strategies for a business while maintaining the company's critical functions. This shows how a company will continue to operate after an explosion and destruction of a large refinery or while responding to a major oil spill. 5. Emergency response and operations involves the development and implementation of procedures for responding to and stabilizing the incident. Human safety and health are always the first concern in any crisis or emergency situation. When an incident or disaster occurs, these crisis or emergency plans should be implemented immediately, with the business concerns and issues being a secondary priority. In the oil and chemical industry, these plans normally already exist, but the BCP plan should be compatible with the procedures in the response plans. 6. Developing and implementing BCPs involve the development and implementation of a BCP that provides for recovery within the recovery time objectives developed during the business impact analysis. 7. Awareness and training programs create corporate awareness of a BCP and its associated procedures, and enhance skills required to develop and implement a BCP. 8. Maintaining and exercising BCPs help to plan and coordinate exercises, and evaluate and document exercise results. This also allows for the development of a process to maintain the response capabilities and the plan document in accordance with the company's strategic direction. Major exercises often involve both BCP and emergency response plans. 9. Public relations and crisis coordination provide guidance to work with the media during a crisis or emergency situation. This also outlines information on how to provide crisis communications, such as dealing with key customers, critical suppliers, stockholders, employees and their families, and corporate management during a crisis. It also deals with crisis counseling for those employees or non-employees as required. 10. Coordination with public authorities establishes applicable procedures and policies for coordinating continuity and restoration activities with local authorities while ensuring compliance with applicable statutes or regulations. The above described business continuity process is similar to the process commonly used to develop crisis and emergency management plans. The two can be combined to develop and maintain a truly integrated and comprehensive contingency plan that includes information mandated not only by regulatory authorities, but by fiduciary responsibilities as well. General planning guidelines A crisis is an event or series of events that threaten to fundamentally alter the way an organization conducts business. It can be a significant business disruption that stimulates extensive news media coverage with the resulting public scrutiny having a large effect on the organization's normal operations. The crisis could also have a political, legal, financial, and governmental impact on a business. There are four basic causes of a business crisis: Acts of God, such as earthquakes, storms, volcanoes, etc. Mechanical problems, such as ruptured oil/gas pipelines, tank and valve failures, vessel groundings, etc. Human judgment or errors, such as opening the wrong valve, miscommunication or navigating a vessel aground, etc. Management decisions/indecisions, such as a problem that is perceived as not being very serious and that nobody will discover All could have huge impacts on the way an organization responds to and continues to conduct business. And without an adequate crisis and emergency management plan, as well as business continuity planning guidelines in place, the organization will surely struggle to exist. In many cases where the crisis already has occurred, or it is inevitable that the crisis will impact key stakeholders, a BCP will minimize the disruption and financial damage. A crisis or emergency management plan that does not address continuity planning is unlikely to achieve these results. Maintaining essential operations while responding to a disaster is a strategic, moral, and legal obligation to one's company and its stakeholders. Just as industry spending billions of dollars each year on technology to maintain a competitive edge is viewed as being prudent, not having a BCP to continue operations is an indication of corporate negligence. Standards of care and due diligence are required of all companies; not having a plan violates fiduciary standard of care. What basic elements are needed in a plan? Every good response-planning document should contain three sections/areas of information on how to deal with a catastrophic incident. These areas include: Crisis and emergency management procedures Crisis communications procedures Business continuity procedures
3 POLICY PLANNING CAPACITY 905 As an integrated plan is being developed, the difference between crisis management, crisis communications, and business continuity needs to be clarified. And where should the line between management, communications, and business concerns be drawn in a crisis? That line should not be drawn. In fact, one should do everything possible to coordinate management, operational, and communications response to any major environmental incident. In reality, response efforts should all work in parallel. The crisis and emergency response teams are working toward resolving the life, health, and safety issues; the communications team is providing the media and key stakeholder groups pertinent information; and the business continuity team is dealing with maintaining the company business and profitability. In addition, while building an integrated plan, other questions will surely be asked. At what level does the oil spill become a crisis? When should the crisis communications plan be implemented? When should one become concerned with business issues? What are the trigger points for making this decision? On this subject, trigger points should be clearly defined and well understood by all response team members. Criteria that describe the severity of the problem should be used to determine the type of response that will be provided. These criteria should also be an integral part of business continuity planning and be built into both crisis management and crisis communications sections of a plan. The importance of these criteria is that they will trigger separate responses by: Response team members who have to get the oil spill under control as quickly as possible so normal business can be resumed Top management who have to allocate resources, handle stockholders, deal with legal issues, maintain company image, and make other critical decisions needed to maintain the company business Communications personnel who have to proactively get the company's message out while making sure all stakeholder and media interests are met As indicated above, the process for developing crisis and emergency management plans is similar to developing BCPs. The planning process used in developing any type of crisis and emergency management plans may be consolidated into the following phases: Project initiation phase: The problem initially is identified and detailed. The objectives and the scope of the plan are laid out, budget and resources identified, and final approval given by management. Functional requirements phase: Details of a risk assessment are obtained and alternatives identified during this fact-gathering phase. A business impact analysis and risk assessment is conducted, along with a process for identifying mitigation strategies and acceptable risks. Plan development phase: The plan becomes a reality, a written document. Not only is a company looking at crisis and emergency response procedures, but it also should be considering plan components such as alternate Emergency Operation Center site locations, handling of vital records, escalation and de-escalation procedures, and business continuity, resumption, and restoration procedures. The integrated contingency planning guidelines developed by the National Response Team provide a good framework and meet their conceptual objectives, but they do not go far enough in the planning model to provide for businessoperational continuity information. Training and exercising phase: Once the plan is developed, personnel need to be trained on its contents. As a final link to the planning process, the plan needs to be exercised on a regular basis to determine its validity and effectiveness. Once deficiencies are determined, the plan then needs to be refined. Plan maintenance phase: While this appears self-explanatory, this phase often is neglected. All plans should be reviewed at least annually or whenever new policies and procedures are developed. A plan review schedule should be developed and a budget assigned, with reviews being conducted periodically, such as after conducting an exercise or responding to an actual incident. Organizational responsibilities Crisis situations typically require managers to make critical business decisions under extreme pressure and in most cases using incomplete and insufficient information. By defining in advance what core crisis management and business continuity steps need to be taken and how they should be conducted, corporations can reduce some stress on their staff during a crisis. This advance work may increase the efficiency of their response and may reduce the financial impacts on the company. Previously, a definition for a crisis was presented; however, this will vary from company to company, as the types of events or incidents that can alter the way a company chooses to do business vary. A specific event that may have a substantial impact on a small company may have little impact on a large company working in the same business line. How a company responds to a crisis event may make all the difference when the stock prices come out the next day. Prevention and preparation are two key areas where a company can make huge impacts when responding to a disaster or crisis event. They also will have large impacts on the cleanup and eventual litigation costs when responding to an incident. Anything that can first be prevented from occurring through such programs as enhancing safety standards, inventory control, or engineering design is always the first step in risk reduction. If the potential incident cannot be prevented from occurring, then the company must be prepared to respond to it. The question is not if, but when, the crisis will occur. A standard rule of thumb of crisis management is to influence the course of the crisis, not just respond to it. By being proactive, a company's crisis management team often can prevent a situation from escalating into a crisis, or can mitigate its financial impacts. Being prepared to handle the potential business impacts of such an event is as important as dealing with the emergency aspects of the response. And in most cases, the company should be able to respond to and deal with both (emergency and business continuity) responses simultaneously. Having an experienced and trained response organization in place is necessary to maintain that business edge once a crisis or disaster strikes. All too often, companies emphasize developing crisis and emergency management plans as the cure-all for responding to an incident. Granted, a good plan is very important, but in the long run. companies should be engaging in a process for developing an overall capability to manage the crisis or disaster, then documenting that capability in a suitable plan. Plans should reflect current capabilities, not desired capabilities. The plan and ultimate response are only as good as the organization managing the incident. That response organization should be designed so that it will be able to satisfy the overall response objectives of the company. There are many different types and levels of crisis and emergency management organizations throughout the oil industry, each with its own set of company objectives and goals. No matter how large or small the company, however, certain response objectives must always be met. In any incident, response issues
4 INTERNATIONAL OIL SPILL CONFERENCE such as human health and safety, logistics, personnel and equipment support, financial, legal, human resources, and communications will always need to be addressed. However, at what level, and by whom should these be handled? In most cases, a tiered approach to respond to a potential crisis or disaster is recommended. At the field location, the emergency response organization responds to the crisis event and is usually organized in an incident command structure of some type. Here is where the tactical planning for the response is being conducted. The facility response team will be focused on dealing with the emergency, and once that phase is over, its focus will then be on rebuilding the facility or repairing the damage caused by the incident; commonly referred to as business resumption. Additional company support in such areas as finance, personnel and equipment, legal, human resources, media, and business continuity should come from either the company headquarters or the business unit headquarters, depending on the size and makeup of the corporation. For many larger companies, a three-tiered approach is common with an incident support team (mid-level team) managing the crisis or disaster at the business unit level and a crisis management or executive management team (senior-level team) at the headquarters level. The incident support team would be responsible for providing assistance to the field-level team in such areas as legal, financial, human resources, crisis communications, and marketing, as well as focusing on the continuing business concerns for the business unit. The crisis management or executive management team would consist of very senior-level managers at the corporation headquarters tasked with handling the impacts of the crisis on the overall corporation and its stockholders, as well as continuing those strategic business functions not impacted by the incident. For smaller companies, these two senior-level teams (incident support team and crisis management team) easily can be combined into one crisis management team that would then be tasked with not only providing assistance to the field-level response, but also dealing with the business continuity issues and strategic response plans for the corporation and its stockholders. It is important that each individual responder understands how he/she fits into the response organization, what his/her responsibilities are, and what the roles and responsibilities are of each group in the corporation. Otherwise, overlaps or shortfalls will occur, and the response will not be managed as effectively or efficiently as the stockholders and general public would expect. It is also important that the members of the response teams understand the distinction between crisis and emergency management and how the business continuity issues need to be addressed during the early stages of the response operation. Plan comparison The following planning matrix (Table 1 ) outlines and compares the plan requirements of four commonly accepted standards Area Contingency Plans (ACPs), local emergency planning committee plans (LEPCs), facility response plans (FRPs), integrated contingency plans (ICPs) for oil spill response plans to those generally found in BCPs. What a comprehensive contingency plan needs The integrated contingency plan (as outlined by the National Response Team guidance) is an excellent model for creating an emergency response plan and covers all aspects of responding to a major oil spill. A local facility manager, however, needs to be aware of business continuity issues and priorities, and what his/her roles and responsibilities are to maintain the business when a crisis or disaster strikes. Some of these concerns and decisions will center on such areas as upstream suppliers and downstream customers, decision to rebuild or replace, work status of employees, production level changes, procedures modifications, etc. The focus of this plan comparison is on developing comprehensive response plans, from both a field-level and an incident support team perspective. There are many different concepts on how to develop a contingency plan and many more formats for writing the actual plan. It does not matter whether the plan is required by law, regulation, or company policy; most response plans should contain overall planning elements such as prevention, response, business continuity, and restoration. The plan should be able to address all aspects of dealing with a crisis or emergency ranging from prevention practices to getting the company back into normal operation. In addition, plans should be user friendly and, in many cases, should include information on responses to any type of hazard (e.g., fire, explosion, oil spill, natural disaster, terrorism, etc.). A comprehensive response plan should include information in the following areas: Scope and background information Risk Analysis Business impact analysis Prevention programs Health and safety plan Initial assessment and mobilization Notification procedures Forecasts of oil movement Resources at risk Response strategies and techniques Recovery teams and procedures Investigation procedures Contractor/support listings Alternate site location and setup Demobilization Response management organization Roles and responsibilities Crisis communications/public affairs Facility specific information Product information Training and exercising requirements Business continuity procedures Documentation requirements Concept of operations Humanitarian assistance Post incident review Waste management Evacuation/shelter in place requirements Communications Plan maintenance and review
5 POLICY PLANNING CAPACITY 907 Table 1. Planning matrix. LEPC Plan components ACP (SARA) FRP ICP BCP Applicability, purpose and scope Background, geographic boundaries and other policy information Listing of facilities subject to rules Facility identification information Transportation routes for hazmat Identification of at risk facilities and locations Identify critical functions; develop recovery strategies Risk/hazard analysis and mitigating factors Business impact analysis Planning organization Emergency response levels Product information (MSDS) Potential scenarios and action plans Trajectory modeling Listing of response equipment, support facilities and personnel (private and government) Health and safety Assessment/discovery Notification procedures (internal and external) Response operations (during emergency phase) Response management system/organization Identify recovery teams Alternate site location and setup, off-site storage retrieval Response techniques Recovery and demobilization (after emergency phase) Waste management Communications procedures (internal and external) Public Affairs information Humanitarian assistance concerns (injuries, deaths, etc.) Training and exercising plans, schedules and programs Plan maintenance and review procedures Accident review and investigation Incident Documentation (administrative and financial) Prevention Note: ACP, Area Contingency Plan, LECP, local emergency planning committee plan; FRP, facility response plan; ICP, integrated contingency plans; BCP, business continuity plan. Granted, the particular facility being impacted by the incident may not be the main provider of all information or services mentioned above, but specific information needs to be available on how to obtain additional assistance and advice from corporate management teams. Most oil spill response plans, however, do not contain these elements since they usually are developed in accordance with regulatory requirements that rarely require a corporation to plan for its continuing business success. Contingency planning, including business continuity, is a necessity that has turned out to be beneficial in more ways than expected. Beyond ensuring a business function's viability during and after a crisis or disaster, contingency planning efforts have led to significant improvements in the daily operations of many business units. In addition, no other process does a better job of making a corporation assess its operations and processes than the structured process of planning what to do when your refinery or vessel, the full staff, information systems, and communications are no longer available. Contingency planning for the long-term business success of a company is traditionally a primary responsibility of senior management at a headquarters location. But over the past decade, the trend has been to move this decision making to strategic business units. And in many companies, those strategic business decisions are being delegated to plant, terminal, and facility managers. These are the people that are not only responsible for safeguarding their existing operation, but they also need to have
6 INTERNATIONAL OIL SPILL CONFERENCE plans in place to protect business processes and procedures when a crisis occurs. After all, this is where the company makes its money and is of primary interest to all stockholders, so naturally this should be the level where business continuity begins. The goal is to develop one plan that covers all incidents, from a small spill that could have partial impacts on business profitability to a major incident where the entire business operation comes to a halt. How well this is planned for will dictate the success of the company. Biography Glenn F. Epier has over 24 years of experience in planning, training, exercising, and response, 18 of which were with the U.S. Coast Guard. He worked extensively in the emergency management field, in both preparing for and responding to maritime incidents. Mr. Epler reviewed and developed numerous crisis management and emergency response plans dealing with natural and man-made disasters.
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
More informationBusiness Continuity and Disaster Planning
WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and
More informationDISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES
APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationTemple university. Auditing a business continuity management BCM. November, 2015
Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program
More informationBusiness Continuity (Policy & Procedure)
Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationTable of Contents... 1
... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...
More informationData Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322
Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery
More informationIT Disaster Recovery Plan Template
HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned
More informationEmergency Preparedness Guidelines
DM-PH&SD-P7-TG6 رقم النموذج : I. Introduction This Guideline on supports the national platform for disaster risk reduction. It specifies requirements to enable both the public and private sector to develop
More informationBusiness Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM
Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 Goals Compare and contrast aspects of business continuity Execute disaster recovery plans and procedures 2 Topics Business
More informationBUSINESS IMPACT ANALYSIS.5
Table of Contents I. GENERAL.3 Introduction.3 Scope.3 Components.3 II. BUSINESS IMPACT ANALYSIS.5 Academic Affairs...5 Finance and Administration.6 Planning and Accountability..8 Student Affairs.8 Institutional
More information85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff
85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationAssessment of natural hazards, man made hazards, technical and societal related risks and associated impact.
Aon Business Continuity Planning The Aon Business Continuity Planning practice provides consulting services that allow Aon clients to measure and manage their strategic and tactical risks through Crisis
More informationBUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE
BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE Introduction 1. Recently many organisations both public and private have directed much more time, money and effort towards protecting service
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective
More informationBUSINESS CONTINUITY PLAN
How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER
More informationDISASTER RESPONSE: MANAGING THE ENVIRONMENTAL RISKS. By Frank Westfall and Robert Winterburn
DISASTER RESPONSE: MANAGING THE ENVIRONMENTAL RISKS By Frank Westfall and Robert Winterburn DISASTER RESPONSE: MANAGING THE ENVIRONMENTAL RISKS Frank Westfall and Robert Winterburn April 2015 Whether it
More informationBUSINESS CONTINUITY PLANNING GUIDELINES
BUSINESS CONTINUITY PLANNING GUIDELINES Washington University in St. Louis The purpose of this guide is to serve as a tool to all departments, divisions, and labs across the University in building a Business
More informationPAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationChapter I: Fundamentals of Business Continuity Management
Chapter I: Fundamentals of Business Continuity Management Objectives Define Business Continuity Management (BCM) Define the relationship between BCM and risk management Review BCM responsibilities Identify
More informationOREGON STATE UNIVERSITY MASTER EMERGENCY MANAGEMENT PLAN
OREGON STATE UNIVERSITY MASTER EMERGENCY MANAGEMENT PLAN Last Edit 2/8/2011 OVERVIEW This document provides a management framework for responding to incidents that may threaten the health and safety of
More information<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP
IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement
More informationBusiness Continuity and Crisis Management
Business Continuity and Crisis Management Crisis Management, Business Continuity and The Incident Command System Understanding Differences and Putting it all together? by Max Ckonjevic FBCI, CBCP 1 Objectives
More informationAPICS INSIGHTS AND INNOVATIONS SUPPLY CHAIN RISK CHALLENGES AND PRACTICES
APICS INSIGHTS AND INNOVATIONS SUPPLY CHAIN RISK CHALLENGES AND PRACTICES APICS INSIGHTS AND INNOVATIONS ABOUT THIS REPORT This report examines the role that supply chain risk management plays in organizations
More informationUnit Guide to Business Continuity/Resumption Planning
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationCHAPTER 8: EMERGENCY RESPONSE PROGRAM
CHAPTER 8: EMERGENCY RESPONSE PROGRAM If you have at least one Program 2 or Program 3 process at your facility, Part 68 requires you to implement an emergency response program if your employees will respond
More informationCreating a Business Continuity Plan for your Health Center
Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation
More informationDisaster Recovery Journal - Winter 2002 - What Is Business Continuity Planning? (1501-14) Page 1 of 6
Disaster Recovery Journal - Winter 2002 - What Is Business Continuity Planning? (1501-14) Page 1 of 6 INDUSTRY What Is Business Continuity Planning? How Does It Differ From Disaster Recovery Planning?
More informationBusiness Continuity and Disaster Recovery Planning: A Collaborative Approach. Dr. Gillian Cambers, Disaster Risk Management Specialist, CDB
Business Continuity and Disaster Recovery Planning: A Collaborative Approach Dr. Gillian Cambers, Disaster Risk Management Specialist, CDB Regional Workshop for Health Planners and Policy Makers, September
More informationBusiness continuity plan
Business continuity plan CONTENTS INTRODUCTION 2 - Scope - Components BUSINESS IMPACT ANALYSIS 3 - Business Affairs - Information Technology RISK ASSESSMENT 5 - Broad Categories of Hazards - Hazard Table
More informationKPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity
INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM
More informationBusiness Continuity Planning for Risk Reduction
Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies
More informationEmergency Preparedness for Design Firms. RLI Design Professionals Design Professionals Learning Event DPLE 244 September 16, 2015
Emergency Preparedness for Design Firms RLI Design Professionals Design Professionals Learning Event DPLE 244 September 16, 2015 RLI Design Professionals is a Registered Provider with The American Institute
More informationDisaster Recovery Planning Process
Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations
More informationBusiness Continuity Planning for Schools, Departments & Support Units
Business Continuity Planning for Schools, Departments & Support Units 1 What is Business Continuity Planning? Examples Planning for an adverse, major or catastrophic event that would cause a disruption
More informationBusiness Continuity Planning and Disaster Recovery Planning
Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 ISC 2 Key Areas of Knowledge Understand business continuity requirements 1. Develop and document project scope and plan
More informationWith the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS
How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,
More informationEmergency Preparedness: Learning Objectives. Minimizing and Controlling Future Disasters. SHRM Disaster Preparedness Survey 3.
Emergency Preparedness: 1 Minimizing and Controlling Future Disasters October 7-8, 2013 Presenter: Marna Hayden, SPHR Hayden Resources Inc. www.haydenhr.com Learning Objectives How to develop emergency
More informationVermont Division of Emergency Management and Homeland Security Business Disaster Preparedness Workbook
Vermont Division of Emergency Management and Homeland Security Business Disaster Preparedness Workbook Con nuity of Business Planning Each year thousands of businesses and organizations are affected by
More informationOffsite Disaster Recovery Plan
1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive
More information5-02-15. Andres Llana, Jr. INSIDE. Upper Management s Role; Delegating Responsibilities; Minimum Plan Outline; Business Impact Analysis
5-02-15 INFORMATION MANAGEMENT: STRATEGY, SYSTEMS, AND TECHNOLOGIES CONTINGENCY PLANNING FOR SMALL- TO MEDIUM-SIZED BUSINESSES Andres Llana, Jr. INSIDE Upper Management s Role; Delegating Responsibilities;
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
More informationAn Overview of Professional Directors and Officers Liability in Disaster Preparedness and Recovery Planning
An Overview of Professional Directors and Officers Liability in Disaster Preparedness and Recovery Planning Eric Martin Scott Southern University Law Center Preparation for disasters involves a variety
More informationBSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012
To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached
More informationBuilding and Maintaining a Business Continuity Program
Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written
More informationPage Administrative Summary...3 Introduction Comprehensive Approach Conclusion
TABLE OF CONTENTS Page Administrative Summary...3 Introduction Comprehensive Approach Conclusion PART 1: PLANNING General Considerations and Planning Guidelines... 4 Policy Group Oversight Committee Extended
More informationFORMULATING YOUR BUSINESS CONTINUITY PLAN
WHITE PAPER Page 0 Planning for the Worst Case Scenario: FORMULATING YOUR BUSINESS CONTINUITY PLAN 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net Page 1 Table of Contents Overview... 2 What is Disaster
More informationAll Oil and Gas Companies under the Jurisdiction of the National Energy Board (the Board or NEB) and All Interested Parties
File 172-A000-73 24 April 2002 To: All Oil and Gas Companies under the Jurisdiction of the National Energy Board (the Board or NEB) and All Interested Parties SECURITY AND EMERGENCY PREPAREDNESS AND RESPONSE
More informationBUSINESS CONTINUITY PLANNING
Policy 8.3.2 Business Responsible Party: President s Office BUSINESS CONTINUITY PLANNING Overview The UT Health Science Center at San Antonio (Health Science Center) is committed to its employees, students,
More informationCompany Management System. Business Continuity in SIA
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
More informationCIS 523/423 Disaster Recovery Business Continuity
CIS 523/423 Disaster Recovery Business Continuity Course Description A study of disaster recovery and business continuity as related to the information technology function in organizations. Topics will
More informationSTEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015
STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 AGENDA: Emergency Management Business Continuity Planning Q & A MONTH DAY, YEAR TITLE OF THE PRESENTATION 2 CANADIAN RED CROSS Disaster
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jeffrey P. Back 2009 Oncore Associates, LLC Business Continuity Planning Business continuity planning is the way an organization can prepare for and aid
More informationA To Do List to Improve Supply Chain Risk Management Capabilities
A To Do List to Improve Supply Chain Risk Management Capabilities Investigators: Debra Elkins General Motors R&D Center Mailcode 480-106-359 30500 Mound Road Warren, MI 48090 Phone: 586-986-2750 FAX: 586-986-0574
More informationEMERGENCY MANAGEMENT DIPLOMA AND CERTIFICATE
EMERGENCY MANAGEMENT DIPLOMA AND CERTIFICATE DIPLOMA OVERVIEW NAIT s Emergency Management Diploma Program is a comprehensive, distance delivered program that will provide students with a fundamental understanding
More informationEmergency Response and Business Continuity Management Policy
Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated
More informationBUSINESS CONTINUITY PLAN. Specific Issues for Public Health Emergencies. Guidelines for Air Carriers
BUSINESS CONTINUITY PLAN Specific Issues for Public Health Emergencies Guidelines for Air Carriers 1 Contents PART 1 BACKGROUND 1.1. Introduction 1.2. Purpose 1.3. Scope and Application 1.4. Definition
More informationRLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125. When Disaster Strikes Are You Prepared?
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125 When Disaster Strikes Are You Prepared? Copyright Materials This presentation is protected by US and International Copyright laws.
More informationOil and Gas Industry A Comprehensive Security Risk Management Approach. www.riskwatch.com
Oil and Gas Industry A Comprehensive Security Risk Management Approach www.riskwatch.com Introduction This white paper explores the key security challenges facing the oil and gas industry and suggests
More informationDisaster Recovery Planning. By Janet Coggins
Comp 5940 Project Disaster Recovery Planning By Janet Coggins Janet H. Coggins Page 1 11/21/2004 Table of Contents List of each Section....Page 2 Section 1 Executive Summary Overview of the scope of the
More informationBusiness Continuity Roadmap -One Port s Approach. - Rich Baratta, ARM, ABCP Director, Risk Management Port of Long Beach
Business Continuity Roadmap -One Port s Approach - Rich Baratta, ARM, ABCP Director, Risk Management Port of Long Beach The San Pedro Bay Port Complex DHS DIRECTIVE ON RECOVERY MARITIME INFRASTRUCTURE
More informationConstructing a successful business continuity plan
Constructing a successful business continuity plan By Alan Berman Alan Berman Being prepared is the cornerstone of having a business continuity plan regardless of the size of a company. Ultimately, getting
More informationUniversity of Prince Edward Island. Emergency Management Plan
Emergency Management Plan March 2012 ON CAMPUS Emergency Dial Security Assistance Dial 566-0384 OFF CAMPUS SUPPORT AGENCIES Fire & Ambulance... 9-1-1 Charlottetown Fire Department... 566-5548 Fire Marshal...
More informationEmergency Response Plan
Emergency Response Plan Public Version Contents INTRODUCTION... 4 SCOPE... 5 DEFINITION OF AN EMERGENCY... 5 AUTHORITY... 6 ACTION PRIOR TO DECLARATION... 6 FREEDOM OF INFORMATION & PRIVACY PROTECTION...
More informationTO AN EFFECTIVE BUSINESS CONTINUITY PLAN
5 STEPS TO AN EFFECTIVE BUSINESS CONTINUITY PLAN Introduction The Snowpocalypse of 2015 brought one winter storm after another, paralyzing the eastern half of the United States. It knocked out power for
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationDisaster Recovery/Business Continuity
CITY AUDITOR'S OFFICE Disaster Recovery/Business Continuity March 6, 2015 AUDIT REPORT NO. 1511 CITY COUNCIL Mayor W.J. Jim Lane Suzanne Klapp Virginia Korte Kathy Littlefield Vice Mayor Linda Milhaven
More information[Insert Company Logo]
[Insert Company Logo] Business Continuity and Disaster Recovery Planning (BCDRP) Manual 1 Table of Contents Critical Business Information 4 Business Continuity and Disaster Recover Planning (BCDRP) Personnel
More informationBusiness Continuity Management AIRM Presentation
16 January, 2008 Business Continuity Management AIRM Presentation David Hamilton, Senior Consultant http://www.marsh.ie Presentation Overview Terms used for BCP Where BCM fits in a business plan Business
More informationBusiness Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com
Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?
More informationSECTION I: OVERVIEW AND INTRODUCTION. Emergency Response Management Plan 5
SECTION I: OVERVIEW AND INTRODUCTION Emergency Response Management Plan 5 SECTION I: OVERVIEW AND INTRODUCTION A. PURPOSE OF THE PLAN: The emergency response outlined in this plan is designed to protect
More informationBusiness Continuity Planning. Presentation and. Direction
Business Continuity Planning Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180 20 th Avenue Whitestone, NY 11357 Phone: (718) 591-5553 Email: bronackt@dcag.com
More informationB E F O R E T H E E M E R G E N C Y
B E F O R E T H E E M E R G E N C Y RESPONSIBILITY / LIABILITY for Homeland Security / Emergency Management Duty of Care - Counties and Cities ARE responsible for the safety of their citizens. Following
More informationDisaster Ready. By: Katie Tucker, Sales Representative, Rolyn Companies, Inc
By: Katie Tucker, Sales Representative, Rolyn Companies, Inc Are you and your facility disaster ready? As reported by the Red Cross, as many as 40 percent of small businesses do not reopen after a major
More informationDisaster Recovery Plan (DRP) / Business Continuity Plan (BCP)
Preface Computer systems are the core tool of today s business and are vital to every business from the smallest to giant organizations. Money transactions, customer service are just simple examples. Despite
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationBusiness Continuity. Port environment
Business Continuity Port environment DEFINE BUSINESS CONTINUITY WHAT IT IS NOT RECOVERY FOCUS: PEOPLE PROCESSES TECHNOLOGY DELIVERABLES INFRAGARD DEFINITION MANAGEMENT PROCESS DEVELOPING ADVANCE PROCEDURES
More informationRx Whitepaper. Using an Asset Management Framework to Drive Process Safety Management and Mechanical Integrity
Rx Whitepaper Executive Overview Process Safety Management (PSM), driven by the OSHA 1910.119 standard, aims to prevent the unwanted release of hazardous chemicals, especially into locations which could
More informationPMAOMIR418B Coordinate incident response
PMAOMIR418B Coordinate incident response Revision Number: 1 PMAOMIR418B Coordinate incident response Modification History Not applicable. Unit Descriptor Unit descriptor This unit covers the coordination
More informationA Business Continuity Plan for Government. George Bomar Dianne Casey Texas Department of Licensing and Regulation
A Business Continuity Plan for Government George Bomar Dianne Casey Texas Department of Licensing and Regulation A practiced logistical plan for how an organization will recover and restore partially or
More informationCRISIS MANAGEMENT PLAN
CRISIS MANAGEMENT PLAN Table of Contents Introduction... 3 Purpose... 3 Objectives... 3 Types & Levels of a Crisis... 4 Plan Activation... 6 Crisis Management Team (CMT) Structure... 6 CMT Responsibilities...
More informationGuideline on Business Continuity Management
Circular No. 033/B/2009-DSB/AMCM (Date: 14/8/2009) Guideline on Business Continuity Management The Monetary Authority of Macao (AMCM), under the powers conferred by Article 9 of the Charter approved by
More informationUNIVERSITY OF COLORADO AT BOULDER PLAN
UNIVERSITY OF COLORADO AT BOULDER PLAN R EADINESS ESPONSE ECOVERY UCB Department of Public Safety CONTENTS 1. POLICY POLICY STATEMENT PURPOSE SCOPE 2. OVERVIEW POLICY PURPOSE RESPONSIBILITIES DEFINITION
More informationAll-Hazard Continuity of Operations Plan. [Department/College Name] [Date]
d All-Hazard Continuity of Operations Plan [Department/College Name] [Date] TABLE OF CONTENTS SECTION I: INTRODUCTION... 3 Executive Summary... 3 Introduction... 3 Goal... 4 Purpose... 4 Objectives...
More informationKeys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits
Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits Betty A. Kildow, CBCP, FBCI, Emergency Management Consultant Kildow Consulting 765/483-9365; BettyKildow@comcast.net 95 th
More information2008-2009 2008-2009 TRENDS IN BUSINESS CONTINUITY AND CRISIS COMMUNICATIONS SURVEY
2008-2009 The Second Annual Trends in Business Continuity and Crisis Communications Survey has been completed with over 700 participants from a wide range of industries and organizational sizes. The Disaster
More informationClinic Business Continuity Plan Guidelines
Clinic Business Continuity Plan Guidelines Published: January 2015 Table of Contents Emergency Notification Contacts Primary... 2 Emergency Notification Contacts Backups (in case primary is unavailable)...
More informationUNITED CHURCH OF CHRIST LOCAL CHURCH DISASTER PREPAREDNESS AND RESPONSE PLANNING GUIDELINES
UNITED CHURCH OF CHRIST LOCAL CHURCH DISASTER PREPAREDNESS AND RESPONSE PLANNING GUIDELINES The United Church of Christ local churches may use this plan as a guide when preparing their own disaster plans
More informationDraft 8/1/05 SYSTEM First Rev. 8/9/05 2 nd Rev. 8/30/05 EMERGENCY OPERATIONS PLAN
Draft 8/1/05 SYSTEM First Rev. 8/9/05 2 nd Rev. 8/30/05 EMERGENCY OPERATIONS PLAN I. INTRODUCTION A. PURPOSE - The University of Hawaii System Emergency Operations Plan (EOP) provides procedures for managing
More informationWilliam Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University
William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University Competitive Leadership- Twelve Principles For Success Brian Billick Chapter 3 Be Be Prepared The time
More informationDisaster Recovery and Business Continuity with E-Commerce Businesses
Disaster Recovery and Business Continuity with E-Commerce Businesses Eric Palmer IS 8300 Disaster Recovery/Business Continuity Planning Summer 2012 Abstract: Disaster Recovery and Business Continuity Planning
More informationBusiness Crisis and Continuity Management and Planning
Business Crisis and Continuity Management and Planning Healy P. Palepu Dong Burritt Morhardt J. Freeman Chapter Outline 1. Introduction of topics and concepts to be discussed in this chapter. a. Introduction
More informationIntroduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT
INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems
More informationdisaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE
disaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE INTRODUCTION Contingency planning for business continuity (business continuity management) is defined by the Institute of Business
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More information