DEVELOPING ACTIONABLE
|
|
- Cecily Beasley
- 8 years ago
- Views:
Transcription
1 M LIS DE DI M W G TE A TY RI N PR O FE SS NA TIO CA IO OR K DEVELOPING ACTIONABLE AND EFFECTIVE CONTINGENCY PLANS: THINK IT THROUGH! by ITG Consultants, Inc All rights reserved. IN TE
2 CONTENTS INTRODUCTION 2 HISTORY 2 ISSUES AND MAINT POINTS 4 BEST PRACTICES 6 THE SECURITY PLANNING PROCESS 6 CONCLUSION 9 ABOUT ITG CONSULTANTS, INC. 10 INTRODUCTION Benjamin Franklin said, By failing to prepare, you are preparing to fail. When it comes to contingency planning, this is often the case. Many organizations rely on publically available templates instead of developing a custom plan, tailored to their unique operational needs. Both government and private-sector entities produce myriad templates and guidelines that can serve as the basis for a contingency plan. However, these templates are typically conceptual and don t delve deeply enough to address site-specific, issue-specific hazards in actionable and effective ways. There is no one-size-fits-all template adequate for all hazards contingency planning. The Federal Emergency Management Agency (FEMA) asserts its Guide for All-Hazard Emergency Operations Planning is merely a toolbox and stipulates, Each community s [emergency operations plan] must reflect what that community will do to protect itself from its hazards with the resources it has or can obtain. In fact, templates can leave an organization with a false sense of security and preparedness unless additional site- and issue-specific detailed steps are thoroughly considered and documented. Inevitably, situations arise that require the use of contingency plans. In those instances, if an organization is relying on plans that amount to no more than conceptual templates, there will be little time (not to mention resources) to formulate issue-specific responses to help mitigate, respond and recover from the crisis. Having a well-documented, detailed protocol reduces both the stress of making important decisions quickly and the lapsed time in implementing the response. HISTORY Like no other event in recent history, the tragic events that unfolded on September 11, 2001, highlighted the necessity of having detailed plans with which to respond to emergencies. The United States government has subsequently urged both individuals and organizations to develop preparedness plans for dealing with all types of crises. In 2004, FEMA declared the month of September National Preparedness Month to encourage individuals, businesses and communities to ready themselves for all manner of disasters. In most circumstances, preparedness is a state of being ready to face an event or situation, having adequate resources to bear up under that situation in advance of its occurrence. For contingency planning purposes, preparedness is a prescribed set of actions to be taken as precautions against potential crises. Contingency planning is an essential part of a comprehensive security plan that occurs after the initial assessment phase. During the assessment phase, potential risks, threats, and vulnerabilities are identified and evaluated. Once those assessments have been completed and the results prioritized, the contingency 1 U.S. Department of Homeland Security, Federal Emergency Management Agency, Guide for All-Hazard Emergency Operations Planning, Washington DC, September U.S. Department of Homeland Security, Federal Emergency Management Agency, National Preparedness Month Factsheet, Washington DC,
3 The most common mistake made in this era of government-urged contingency planning is for organizations to rely too heavily on agencygenerated templates. planning commences to establish a response for each prioritized risk category identified in the assessments. Based on the risk assessment, a contingency plan establishes protocol and action steps with which to respond to the identified, prioritized risks should they develop into full-blown incidents. Appropriate responses can only be formulated once the possibility of an event has been identified. For example, one doesn t need the same resources to respond to an earthquake as compared to data theft; each situation warrants a different response. Contingency plans are incident-specific in nature and are utilized in three distinct phases: pre-incident, during the incident and post-incident. Pre-incident. Before an incident occurs (but after it s been identified by an assessment), is when a contingency plan is created. The plan hones in on the primary objectives in responding to that incident. Is the chief purpose to keep personnel safe or does inventory need to be preserved? Furthermore, the plan will identify what resources are necessary to execute the desired response and how to best recruit them. Do additional vehicles need to be enlisted to transport staff? How will staff be notified? Additionally, a command chain should be established during this phase of planning so that all parties know from whom to expect information and to whom to defer. During the incident. When a crisis occurs, the contingency plan comes to life. All appropriate parties are notified and the plan is activated. Active incident management takes place, according to the plan s prescribed details, and damage is mitigated. Post-incident. A contingency plan will also account for what follows an incident once the crisis has begun to subside. Are there casualties? What medical triage needs to take place? How will affected persons be reunited with their families? What information needs to be communicated, with whom, and how? Recovery and resumption of normal activity, as expediently as possible, are the chief objectives in the post-incident phase. The most common mistake made in this era of government-urged contingency planning is for organizations to rely too heavily on agency-generated templates. Plan development is frequently delegated to an individual who lacks sufficient knowledge in safety and security matters. Thus, many organizations develop their contingency plans from a template and then errantly assume they are adequately prepared to face an event that requires one. The templates provide a helpful starting point and foundation for contingency planning and satisfy the legal requirement to have one but aren t sufficiently detailed or customized to provide actionable guidance when an incident occurs. Perhaps the greatest obstacle to overcome in contingency planning is the pervasive, it won t happen here mentality. Assuming that crises will only occur within other organizations is both naïve and irresponsible. Furthermore, operating from this posture forces one to respond from a reactive stance, eliminating the benefits of a proactive approach. 3
4 Perhaps the greatest obstacle to overcome in contingency planning is the pervasive, it won t happen here mentality. ISSUES AND MAIN POINTS Planning a crisis response is a challenging effort, complicated by innumerable variables. Even after a plan has been developed, additional issues affect their efficacy, which means maintaining a proactive posture in all aspects is of utmost importance. In order to develop a robust and effective plan, it is essential to address and evaluate the following issues: The OODA loop An effective contingency plan is an actionable plan, one that contains incident-specific steps designed to mitigate loss and aid recovery. When an incident occurs and the plan contains merely conceptual notions, the organization and its leaders are forced into what is known as the OODA loop. The OODA loop is comprised of four cyclical steps: observe, orient, decide, and act. In it, responders are reliant on their powers of observation about how the situation is affecting their organization. They must then orient themselves to their chief objectives within the situation in order to make a decision and then act upon it. The OODA loop is an iterative process that takes precious time in the midst of a crisis and is engaged in during a highly stressful situation that inevitably limits the quality of decision-making due to emotional strain. The OODA loop cannot be completely eliminated since observations and decisions will need to be made in any crisis situation, but a robust plan will allow the loop to be utilized for only those elements that could not be anticipated in the planning process. Reactionary planning An incident portrayed in the news or even occurring to the organization itself often incites a flurry of planning to respond to future incidents of similar nature. While this planning is certainly of value, especially if such events are likely to repeat themselves, it is too narrow in scope to adequately serve as preparation. Merely planning to respond to a similar incident errantly assumes exposure to only one type of risk. Best practices warrant a more comprehensive approach that assesses all the potential risks and formulates responses specific to each. Compilation and storage The detailed nature of an effective, actionable contingency plan will result in a substantially-sized document. If all the associated papers are merely stacked in a box or haphazardly placed in a three-ring binder, they will not be useful in the midst of a crisis due to the user s inability to navigate them efficiently. A tabbed binder will facilitate quick access to the pertinent material and, therefore, a faster response to the identified crisis. Similarly, any visual support contained in the plan in the form of graphics, tables and charts must be simple and clear to best enable the user to put the depicted plan into action. If the document is housed electronically, having a table of contents, with internal hyperlinks, will allow the reader to access the right information rapidly. 4
5 Determining where to keep a contingency plan is part of developing a good plan. If only one copy of the plan exists and happens to be stored in a location inaccessible perhaps because of the crisis itself, that one copy will be altogether ineffectual except to the degree the staff recollects it. Having multiple copies, housed in strategic locations or electronically accessible, is a more prudent approach. USE MULTIPLE STORAGE LOCATIONS A contingency plan is only as good as it is actionable. Training and maintenance A contingency plan is only as good as it is actionable. When organizations establish pre-determined, specific steps to be taken in anticipated scenarios, those entities empower a speedy and effective response when a crisis arises. The fullest benefit is achieved when those responses are already embedded into the knowledge base of the responders. To that end, training and drills are of paramount importance. Such exercises should be conducted on a regular basis, no less frequently than annually and ideally quarterly. Scheduled reviews of the plan to account for any changes in the organization that would warrant plan revisions serve to ensure it remains actionable and also refreshes the staff on the material. The role of emergency responders While some crises do not require law enforcement, fire or emergency medical personnel, most do. Accounting for the role of those professionals in a contingency plan is often overlooked and handicaps the best possible outcomes. For example, distance from those services will increase response time, which, in turn, places a heavier burden on the entity to be more self-reliant in mitigating negative impacts, and therefore may necessitate different resources when a crisis occurs. The means of making information accessible to emergency responders is another variable in contingency planning. Are site plans on file with the county? Are closed-circuit television feeds accessible remotely by law enforcement? What back-up communication channels exist? Though the public agencies frequently often do not aid in developing contingency plans for myriad reasons, factoring their services (and limitations) into the planning process is vital. 5
6 BEST PRACTICES The ideal path to mitigating damage in a crisis and speeding recovery is forged with a customized, specific, and actionable contingency plan. Conducting a full panel of assessments to identify the hazards an organization faces, and then developing specific responses to each scenario, is the best practice. No two plans will be alike, as every entity and situation is different. The development process will include the following components. The plan will only be as useful as the lowest level of training that is fully ingrained in the minds of the team. Training Some organizations have dedicated safety and security professionals to whom the task of contingency planning is appointed. When such a position does not exist, another staff member is selected for the job in addition to his/her regular duties. Often that individual does not have the background or skill set with which to conduct the assessments and formulate the ideal responses. In such instances, contracting the services of a security professional to educate and train the staff member(s), or perhaps facilitate the entire process, is warranted for the benefit of the entire organization. Furthermore, a contingency plan will have key roles to be filled when a crisis arises. Examples include an incident commander, a communication chief, a transportation officer, and a media/public relations staffer. Each of the persons slated to fill such roles (and their replacements) needs to be trained to fulfill the duties assigned to them. Conducting training scenarios and drills with regularity will ensure each member of the contingency response team is equipped for his role. In addition, training serves as a validation of the existing plan (or reveals gaps to be remediated). The plan will only be as useful as the lowest level of training that is fully ingrained in the minds of the team, making training a worthwhile investment. Components As previously stated, no two contingency plans are alike due to the specific, customized nature of every organization. Similarly, every risk requires its own detailed plan. To begin to formulate that plan, one must ask and answer a myriad of W and H questions surrounding the crisis, including but not limited to: Who serves as the incident commander? If that person is unable to serve during the incident, who is the authorized backup? What (or who) is the highest priority in this crisis? Who can aid in the response and how? What is needed to bring the situation to resolution? What physical resources can be deployed to help and where are they located? What technological resources can offer support? 6
7 Every risk requires its own detailed plan. When can emergency responders arrive? Where can safety be assured? Where will different parties convene? How will the response be executed? What limitations exist? CONTINGENCY PLAN COMPONENTS LOGISTICS ROLES ASSEMBLY AREAS COMMUNICATIONS REPATRIATION MEDIA RELATIONS TRAINING RESOURCES CONTINGENCY PLAN Many plans will contain some of the following general elements, though not all will be required in every scenario: A list of roles, naming the person slated to fill each, also specifying a backup in the event someone is away for personal or professional reasons. This list should also detail the command structure to prevent confusion over decision-making authority. Communication strategies for notifying and relaying information to appropriate parties: emergency responders, staff, families of staff, stakeholders, others affected due proximity. The plan should also specify alternative methods of communication in the event the primary channels are interrupted due to the crisis. A protocol for communicating with media to moderate the content and timeliness of information. A compilation of resources available for use in response to a specific scenario, factoring variances due to time of day or year. A logistics management plan, including the identification of any element that may need a surge capacity: human resources, transportation or other equipment requirements. Assembly areas or rendezvous points for all parties affected, as applicable. Potential repatriation requirements. Prescribed intervals for training exercises, and plan review/update. 7
8 Process The prerequisite to contingency planning is conducting a full panel of assessments to identify the organization s exposure to risk. Only once the risks have been determined can plans be developed to respond to them. The following steps assume a comprehensive risk assessment has been completed. Developing a contingency plan without identified risks is an exercise in futility and is strongly discouraged. 1. Identify the risk for which a response is being formulated. Focus specifically on it and avoid the temptation to generalize a response to address anything more than that risk. Should that crisis arise, the response must be tailored to it. 2. Think through the entire life cycle of the event. What happens first (what is the crisis onset)? What happens next? Follow the course of events through to resolution, envisioning all the iterations. Once the chain of events has been considered, determine what response is required at each juncture in the life cycle, based on the answers to the W and H questions. 3. Establish priorities and related responses. What most needs protecting: people, inventory, data or something else? Plot a course of action driven by the priority list. 4. Identify the resources available to meet the needs of the priority. Assess whether limitations on those resources exist based on time, season, or location. 5. Establish structure. Assign roles to staff, prescribe a chain of command, and establish a method of communication. 6. Analyze and adapt the plan. Vet the proposed plan with what if scenarios and modify accordingly. 7. Codify the plan into a cohesive document. Ensure the plan is easy to navigate with labels, tabs, illustrations, or, in the case of an electronic document, hyperlinks. 8. Train and drill the plan. Remediate gaps in skill level and areas the plan failed to address. 9. Conduct After-Action Reviews following training or drilling sessions. Incorporate lessons learned into the plan. 10. Relate appropriate information to applicable parties. Share information with law enforcement, other city or county emergency responders, and any non-government agencies whose services are warranted (e.g. Red Cross). 11. Schedule dates for re-evaluation and amendment. Follow the entire process again, especially steps seven through ten to ensure the plan reflects relevant changes and thus remains actionable. Conduct assessments bi-annually, or more frequently if needed, to identify new risks. 8
9 True preparedness requires spending the time and resources to develop a wellthought-out contingency plan Technology considerations Technology proves to be a double-edged sword in contingency planning. It offers the benefits of cloud-based document storage in addition to off-site backup for business continuity and recovery. This is especially pertinent in contingency plans when risks of cyber-attack or natural/man-made disasters have been identified. However, when contingency plans are housed electronically, power interruption or corrupted systems can hamper access to the document. Having multiple (paper or electronic) copies is recommended to avert being unable to access the plan when it is most needed. Technology can also be leveraged as a tool for a crisis response. Software can be utilized to communicate en masse in a highly efficient manner. Remote access to video surveillance feeds can enable emergency responders to begin formulating their tactics while still en route to the scene. Satellite telephones can work when all other communications infrastructure fail. CONCLUSION Assessing risks, vulnerabilities, and threats is of vital importance to any organization. However, for maximum protection, the job doesn t stop there. Without developing actionable, effective contingency plans to respond to potential incidents, the organization will not achieve its fullest return on the time and fiscal investments made in establishing a comprehensive security plan. Detailed contingency plans help organizations respond more prudently to crises and foster better decision-making in extremely stressful situations. Because so much is at stake during a crisis, relying on generic, conceptual templates is simply unwise. True preparedness requires spending the time and resources to develop a well-thoughtout contingency plan, tailored to the organization s specific needs and issues. In many cases, the expertise to do this internally simply doesn t exist and assistance from an external security planning professional can be a wise investment in the future of the organization. 9
10 ABOUT ITG CONSULTANTS ITG Consultants, Inc. is a Veteran-owned small business based in Pennsylvania providing training, consulting and security management services. David L. Johnson, president of ITG, is certified in Homeland Security Level V, by the American Board for Certification in Homeland Security, previously served on its Executive Advisory Board and also serves as Chairman of The American Board for Certification in Dignitary and Executive Protection. Gale R. Ericksen, vice-president of ITG, is a Certified Protection Professional by the American Society of Industrial Security and is certified in Homeland Security Level III. Together, the leadership team of ITG Consultants has nearly 6 decades of experience in international law enforcement, executive and dignitary protection and training. For more information or a no-obligation discussion, visit our website at or call (866) 904-4ITG. PROFESSIONALISM DEDICATION INTEGRITY TEAMWORK BBB RATING: A+ 10
PR O M W RISK ASSESSMENTS: A Pillar in Security Planning. by ITG Consultants, Inc. 2014. All rights reserved.
M LIS DE DI M W G TE A TY RI N PR O FE SS NA TIO CA IO OR K IN TE RISK ASSESSMENTS: A Pillar in Security Planning by ITG Consultants, Inc. 2014. All rights reserved. CONTENTS INTRODUCTION 2 HISTORY OF
More informationPR O M W THREAT ASSESSMENTS: The Final Pillar of a Tailored Security Program. by ITG Consultants, Inc. 2014. All rights reserved.
M LIS DE DI M W G TE A TY RI N PR O FE SS NA TIO CA IO OR K IN TE THREAT ASSESSMENTS: The Final Pillar of a Tailored Security Program by ITG Consultants, Inc. 2014. All rights reserved. CONTENTS INTRODUCTION
More informationWhy Crisis Response and Business Continuity Plans Fail
Why Crisis Response and Business Continuity Plans Fail 10 Lessons Learned from Real-World Experience Many organizations invest considerable time, money and effort in developing Crisis Response and Business
More informationKeys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits
Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits Betty A. Kildow, CBCP, FBCI, Emergency Management Consultant Kildow Consulting 765/483-9365; BettyKildow@comcast.net 95 th
More informationCampus Security Guidelines. Recommended Operational Policies for Local and Campus Law Enforcement Agencies
Campus Security Guidelines Recommended Operational Policies for Local and Campus Law Enforcement Agencies A project of William J. Bratton, Chief of Police, Los Angeles President, Major Cities Chiefs Association
More informationB E F O R E T H E E M E R G E N C Y
B E F O R E T H E E M E R G E N C Y RESPONSIBILITY / LIABILITY for Homeland Security / Emergency Management Duty of Care - Counties and Cities ARE responsible for the safety of their citizens. Following
More informationBUSINESS CONTINUITY PLANNING
Policy 8.3.2 Business Responsible Party: President s Office BUSINESS CONTINUITY PLANNING Overview The UT Health Science Center at San Antonio (Health Science Center) is committed to its employees, students,
More informationUCF Office of Emergency Management. 2013-2018 Strategic Plan
UCF Office of Emergency Management 2013-2018 Strategic Plan Table of Contents I. Introduction... 2 Purpose... 2 Overview... 3 Mission... 5 Vision... 5 II. Mandates... 6 III. Accomplishments and Challenges...
More informationDepartment of Defense INSTRUCTION. Reference: (a) DoD Directive 3020.26, Defense Continuity Programs (DCP), September 8, 2004January 9, 2009
Department of Defense INSTRUCTION SUBJECT: Defense Continuity Plan Development NUMBER 3020.42 February 17, 2006 Certified current as of April 27, 2011 Reference: (a) DoD Directive 3020.26, Defense Continuity
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationThe handouts and presentations attached are copyright and trademark protected and provided for individual use only.
The handouts and presentations attached are copyright and trademark protected and provided for individual use only. READINESS RESOURCES American Bar Association -- www.abanet.org Disaster Recovery: www.abanet.org/lpm/lpt/articles/slc02051.html
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective
More informationEmergency Support Function (ESF) #14 Long-Term Community Recovery
Emergency Support Function (ESF) #14 Long-Term Community Recovery Primary Department(s): St. Louis County Police Department, Office of Emergency Management Support Department(s): St. Louis County Housing
More informationEMERGENCY SUPPORT FUNCTION (ESF) 14 LONG TERM RECOVERY AND MITIGATION
EMERGENCY SUPPORT FUNCTION (ESF) 14 LONG TERM RECOVERY AND MITIGATION Primary Agency: Chatham Emergency Management Agency Support Agencies: American Red Cross Chatham County Building Safety & Regulatory
More informationEMERGENCY PREPAREDNESS PLAN Business Continuity Plan
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
More informationICS for LAUSD EOC and DOC Operation
ICS for LAUSD EOC and DOC Operation Below is some background information on the Incident Command System (used at our schools and in other field operations) and how it applies in an EOC environment. From
More informationOverview of how to test a. Business Continuity Plan
Overview of how to test a Business Continuity Plan Prepared by: Thomas Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com BRP/DRP Test Plan Creation and Exercise Page: 1 Table of Contents BCP/DRP Test
More informationEmergency Support Function 14 Long-Term Community Recovery and Mitigation
ESF Coordinator: Grant County Emergency Management Primary Agencies: Grant County Emergency Management Grant County Assessor s Office Grant County Public Works Grant County Building Department Support
More informationEvaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION
Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No. 06-08, August 14, 2006 INTRODUCTION This report presents the results of the Office of Inspector General s evaluation of the
More informationTEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS
TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS INTRODUCTION The purpose of this document is to list the aligned with each in the Texas Homeland Security Strategic Plan 2015-2020 (THSSP).
More informationChapter I: Fundamentals of Business Continuity Management
Chapter I: Fundamentals of Business Continuity Management Objectives Define Business Continuity Management (BCM) Define the relationship between BCM and risk management Review BCM responsibilities Identify
More informationAUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1
AUDITING A BCP PLAN Thomas Bronack Auditing a BCP Plan presentation Page: 1 What are the Objectives of a Good BCP Plan Protect employees Restore critical business processes or functions to minimize the
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationBusiness Continuity Training and Testing: Narrowing the Gaps
Business Continuity Training and Testing: Narrowing the Gaps Betty A. Kildow, CBCP, FBCI, Emergency Management Consultant Kildow Consulting 765/483-9365; BettyKildow@insightbb.com 93 nd Annual International
More informationContinuity of Business
White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationContinuity of Operations Plan Template
Continuity of Operations Plan Template Office of Water (4608-T) EPA 817-B-14-007 November 2014 Please note: The golden key sticky notes located throughout the template provide additional information and
More informationLAWRENCE COUNTY, KENTUCKY EMERGENCY OPERATIONS PLAN ESF-13
LAWRENCE COUNTY, KENTUCKY EMERGENCY OPERATIONS PLAN LAW ENFORCEMENT AND SECURITY ESF-13 Coordinates and organizes law enforcement and security resources in preparing for, responding to and recovering from
More informationIntel Business Continuity Practices
Intel Business Continuity Practices As a global corporation with locations and suppliers all over the world, Intel requires every designated Intel organization to embed business continuity as a core business
More informationEmergency Management for Schools
Emergency Management for Schools November 15, 2006 U.S. Department of Education Office of Safe and Drug-Free Schools Welcome Deborah Price Assistant Deputy Secretary Office of Safe and Drug-Free Schools
More informationEmergency Management Certification and Training (EMC & T) Refresher Terry Hastings, DHSES Senior Policy Advisor
Emergency Management Certification and Training (EMC & T) Refresher Terry Hastings, DHSES Senior Policy Advisor 2015 NYSEMA Conference 2 Please sign in to ensure that you receive credit for the refresher
More informationCAPABILITY 3: Emergency Operations Coordination
Emergency operations coordination is the ability to direct and support an event 38 or incident 39 with public health or medical implications by establishing a standardized, scalable system of oversight,
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More information85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff
85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate
More informationUnit 5: NIMS Resource Management
Unit 5: NIMS Resource Management This page intentionally left blank. Objectives At the end of this unit, the participants should be able to: Describe the importance of resource management. Define the concepts
More informationMass Casualty Incident Management. Whitepaper By
Mass Casualty Incident Management Whitepaper By Introduction It is the responsibility of governments to ensure safety of the public and provide emergency relief whenever the situation demands it. This
More informationNIMS Study Guide. Lesson One: What Is the National Incident Management System (NIMS)? What is NIMS?
NIMS Study Guide Lesson One: What Is the National Incident Management System (NIMS)? What is NIMS? NIMS is a comprehensive, national approach to incident management that is applicable at all jurisdictional
More informationDisaster Preparedness & Response
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B C E INTRODUCTION AND PURPOSE REVIEW ELEMENTS ABBREVIATIONS NCUA REFERENCES EXTERNAL REFERENCES Planning - Ensuring
More informationSearch & Rescue Merit Badge
FEMA Course IS-100b Introduction to the Incident Command System for Search & Rescue Merit Badge Visual 1.1 Search & Rescue Merit Badge (requirement #5) Complete the training for ICS-100, Introduction to
More informationTable of Contents ESF-12-1 034-00-13
Table of Contents Primary Coordinating Agency... 2 Local Supporting Agencies... 2 State, Regional, and Federal Agencies and Organizations... 2 Purpose... 3 Situations and Assumptions... 4 Direction and
More informationUNION COLLEGE INCIDENT RESPONSE PLAN
UNION COLLEGE INCIDENT RESPONSE PLAN The college is committed to supporting the safety and welfare of all its students, faculty, staff and visitors. It also consists of academic, research and other facilities,
More informationChapter 1: An Overview of Emergency Preparedness and Business Continuity
Chapter 1: An Overview of Emergency Preparedness and Business Continuity After completing this chapter, students will be able to: Describe organization and facility stakeholder needs during and after emergencies.
More informationEmergency Preparedness Guidelines
DM-PH&SD-P7-TG6 رقم النموذج : I. Introduction This Guideline on supports the national platform for disaster risk reduction. It specifies requirements to enable both the public and private sector to develop
More informationEmergency Management Planning Criteria for Assisted Living Facilities (State Criteria Form)
Emergency Management Planning Criteria for Assisted Living Facilities (State Criteria Form) FACILITY INFORMATION: FACILITY NAME: FIELD (ALF Company) ST. LIC. NO.: FIELD (Lic. #) FAC. TYPE: ALF STATE RULE:
More informationEmergency Management Program
Emergency Management Program The Emergency Management and Civil Protection Act, R.S.O. 1990,c.E.9 and its associated regulations and standards, requires all Ontario Municipalities to implement a mandatory
More informationIT Disaster Recovery and Business Resumption Planning Standards
Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:
More informationEmergency Preparedness at Nuclear Power Plants
A White Paper Addressing Compliance with NRC Proposed Rule making Emergency Preparedness at Nuclear Power Plants Ensuring Readiness and Compliance with New NRC Regulation of Emergency Preparedness Programs
More informationI. MISSION STATEMENT. Ensure a comprehensive public health and medical response following a disaster or emergency. SCOPE AND POLICIES
ESF 8 Public Health and Medical Services Coordinating Agency: Health Department Coordinating Agency Cooperating Agencies Health Department Fire and Rescue Department Police Department Office of the County
More informationEmergency Support Function #11 Agriculture and Natural Resources Strategic Plan
Emergency Support Function #11 Agriculture and Natural Resources Strategic Plan 2016-2020 1 Table of Contents Preface...3 Introduction...4 Mission Statement...6 Vision Statement...6 Goals and Objectives...6
More informationNIMS ICS 100.HCb. Instructions
NIMS ICS 100.HCb Instructions This packet contains the NIMS 100 Study Guide and the Test Questions for the NIMS 100 final exam. Please review the Study Guide. Next, take the paper test - record your answers
More informationBusiness Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com
Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?
More informationBusiness Continuity Planning for Risk Reduction
Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies
More informationAssisted Living Facilities & Adult Care Comprehensive Emergency Management Plans
Assisted Living Facilities & Adult Care Comprehensive Emergency Management Plans STATUTORY REFERENCE GUIDANCE CRITERIA The Henrico County Division of Fire s Office of Emergency Management provides this
More informationOREGON STATE UNIVERSITY MASTER EMERGENCY MANAGEMENT PLAN
OREGON STATE UNIVERSITY MASTER EMERGENCY MANAGEMENT PLAN Last Edit 2/8/2011 OVERVIEW This document provides a management framework for responding to incidents that may threaten the health and safety of
More informationAPPENDIX G-Emergency Response Plan Template
APPENDIX G-Emergency Response Plan Template BSDW-ERP Template 10/04 EMERGENCY RESPONSE PLAN WATER SECTOR Public Water System Name: PWSID No: Physical Address: City: State: Zip Code: General Phone Number:
More informationBuilding Best Practices for Effective Monitoring of a Third Party s Incident Event Management Program. A Shared Assessments Briefing Paper
Building Best Practices for Effective Monitoring of a Third Party s Incident Event Management Program A Shared Assessments Briefing Paper Abstract Just 43% of incident management professionals report their
More informationHOSPITALS STATUTE RULE CRITERIA. Current until changed by State Legislature or AHCA
HOSPITALS STATUTE RULE CRITERIA Current until changed by State Legislature or AHCA Hospitals and Ambulatory Surgical Centers Statutory Reference' 395.1055 (1)(c), Florida Statutes Rules and Enforcement.
More informationHospital Emergency Operations Plan
Hospital Emergency Operations Plan I-1 Emergency Management Plan I PURPOSE The mission of University Hospital of Brooklyn (UHB) is to improve the health of the people of Kings County by providing cost-effective,
More informationCreating a Business Continuity Plan for your Health Center
Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation
More informationWestern Washington University Basic Plan 2013. A part of Western s Comprehensive Emergency Management Plan
2013 A part of Western s Record of Changes Change # Date Entered Description and Location of Change(s) Person making changes 2 1. PURPOSE, SCOPE, SITUATION OVERVIEW, ASSUMPTIONS AND LIMITATIONS A. PURPOSE
More informationThe Joint Commission Approach to Evaluation of Emergency Management New Standards
The Joint Commission Approach to Evaluation of Emergency Management New Standards (Effective January 1, 2008) EC. 4.11 through EC. 4.18 Revised EC. 4.20 Emergency Management Drill Standard Lewis Soloff
More informationEMERGENCY MANAGEMENT PLANNING CRITERIA FOR AMBULATORY SURGICAL CENTERS
EMERGENCY MANAGEMENT PLANNING CRITERIA FOR AMBULATORY SURGICAL CENTERS The following criteria are to be used when developing Comprehensive Emergency Management Plans (CEMP) for all ambulatory surgical
More informationEmergency Preparedness: Learning Objectives. Minimizing and Controlling Future Disasters. SHRM Disaster Preparedness Survey 3.
Emergency Preparedness: 1 Minimizing and Controlling Future Disasters October 7-8, 2013 Presenter: Marna Hayden, SPHR Hayden Resources Inc. www.haydenhr.com Learning Objectives How to develop emergency
More informationEmergency Support Function #14 Long Term Community Recovery and Mitigation
Emergency Support Function #14 Long Term Community Recovery and Mitigation Primary Agency FEMA Board of Visitors Radford University Cabinet Secondary/Support Agencies Radford University Office of Emergency
More informationCRR Supplemental Resource Guide. Volume 5. Incident Management. Version 1.1
CRR Supplemental Resource Guide Volume 5 Incident Management Version 1.1 Copyright 2016 Carnegie Mellon University This material is based upon work funded and supported by Department of Homeland Security
More informationSouth Puget Sound Community College Emergency Operations Plan Annex H RECOVERY
I. PURPOSE South Puget Sound Community College Emergency Operations Plan Annex H RECOVERY The purpose of this annex is to provide a process to facilitate the College s transition from a disaster situation
More informationContinuity of Operations:
Continuity of Operations: By Robert Marinelli The past twelve months have provided many challenges due to severe weather events. Massachusetts has withstood a major tropical storm, tornados, and several
More informationBusiness, Resiliency and Effective Disaster Recovery. Anne Kleffner, PhD Haskayne School of Business, University of Calgary
Business, Resiliency and Effective Disaster Recovery Anne Kleffner, PhD Haskayne School of Business, University of Calgary CRHNet October 2012 Agenda Business resilience and community resilience in disaster
More informationAMBULATORY SURGICAL CENTERS
AMBULATORY SURGICAL CENTERS STATUTE RULE CRITERIA Current until changed by State Legislature or AHCA Hospitals and Ambulatory Surgical Centers Statutory Reference 3 395.1055 (1)(c), Florida Statutes Rules
More informationGUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE. October 2004
GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE October 2004 1 1. Introduction Guaranteeing the efficiency and correct operation of money and financial
More informationUnit Guide to Business Continuity/Resumption Planning
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
More informationSome companies never recover from a disaster related loss. A business that cannot operate will lose money, customers, credibility, and good will.
How Disaster Recovery Planning Can Be Leveraged For Electronic Discovery and Litigation Response Digital Discovery and e-evidence John Connell April 1. 2008 Hurricanes, floods, earthquakes, power outages,
More informationSection VI Principles of Laboratory Biosecurity
Section VI Principles of Laboratory Biosecurity Since the publication of the 4th edition of BMBL in 1999, significant events have brought national and international scrutiny to the area of laboratory security.
More informationFEDERAL PREPAREDNESS CIRCULAR Federal Emergency Management Agency Washington, D.C. 20472 FPC 67
FEDERAL PREPAREDNESS CIRCULAR Federal Emergency Management Agency Washington, D.C. 20472 FPC 67 April 30, 2001 TO: SUBJECT: HEADS OF FEDERAL DEPARTMENTS AND AGENCIES ACQUISITION OF ALTERNATE FACILITIES
More informationPBSi Business Continuity Planning
Business Continuity Planning Definition Business Continuity planning is a planning process designed to reduce the risk that disruptive failures or events could seriously harm your business. It is designed
More informationSAMPLE IT CONTINGENCY PLAN FORMAT
SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency
More informationGeorgia Emergency Operations Plan. Emergency Support Function # 12 Annex Energy
Emergency Support Function # 12 Annex Energy 2015 E S F C o o r d i nator and Support Ag e n c i e s ESF C oordi na t or Georgia Environmental Finance Authority P rima ry Agenc y Georgia Department of
More informationCYBERSECURITY RISK RESEARCH CENTRE. http://www.riskgroupllc.com. http://www.riskgroupllc.com info@riskgroupllc.com + (832) 971 8322
CYBERSECURITY RISK RESEARCH CENTRE http://www.riskgroupllc.com http://www.riskgroupllc.com info@riskgroupllc.com + (832) 971 8322 Cyber-Security Risk Research Centre In this era of interconnected and interdependent
More informationNGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;
NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will
More informationENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationEmergency Response Plans. More than a phone tree Less than an encyclopedia Doing it just right
Emergency Response Plans More than a phone tree Less than an encyclopedia Doing it just right Background For systems over 3,300 population (1,000 connections) an Emergency Response Plan (ERP) is required
More informationDISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES
APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1
More informationDisaster Recovery Planning Process
Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations
More informationBusiness Continuity Management
Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers
More informationEMERGENCY MANAGEMENT PLANNING CRITERIA FOR HOSPITALS
EMERGENCY MANAGEMENT PLANNING CRITERIA FOR HOSPITALS The following minimum criteria are to be used when developing Comprehensive Emergency Management Plans (CEMP) for all hospitals. These criteria will
More informationHow To Prepare For A Disaster
Building an effective Tabletop Exercise Presented by: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services 3/26/2013 #1 Continuity Plan Testing Flowchart 3/26/2013 #2 1 Ongoing Multi-Year
More informationSYRACUSE CITY SCHOOL DISTRICT
SYRACUSE CITY SCHOOL DISTRICT EMERGENCY OPERATIONS PLAN Sharon L. Contreras, Superintendent of Schools Effective Date: September 2014 1 Table of Contents Contents Section I. Introduction:... 4 1.1 Purpose...
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationTraining Opportunities
FEMA Independent Study Courses IS-288.A: The Role of Voluntary Organizations in Emergency Management To complete the above course please visit the FEMA Independent Study Website at: http://training.fema.gov/is
More informationUNITED CHURCH OF CHRIST LOCAL CHURCH DISASTER PREPAREDNESS AND RESPONSE PLANNING GUIDELINES
UNITED CHURCH OF CHRIST LOCAL CHURCH DISASTER PREPAREDNESS AND RESPONSE PLANNING GUIDELINES The United Church of Christ local churches may use this plan as a guide when preparing their own disaster plans
More informationPosted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am
1 of 7 5/8/2014 7:34 PM Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am Editor s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing
More informationAnimals in Disasters
MODULE B UNIT 6 Animals in Disasters Recovering from a Disaster Overview Federal, State, and local governments work together in any major emergency. Emergency assistance funding is based on the concept
More informationFEMA National Incident. Support Manual
FEMA National Incident Support Manual February 2011 National Manual (Working Draft)ITAU December 1, 2010 U.S. Department of Homeland Security Federal Emergency Management Agency i Contents Chapter 1: Introduction...
More informationSituation Manual Orange County Florida
Situation Manual Orange County Florida 530 Minutes Situation Manual Tabletop Exercise 1 Disaster Resistant Communities Group www.drc-group.com Comeback Ordeal Start Exercise During the exercise it will
More informationEmergency Management Planning Criteria for Ambulatory Surgical Centers (State Criteria Form)
Emergency Management Planning Criteria for Ambulatory Surgical Centers (State Criteria Form) FACILITY INFORMATION: FACILITY NAME: FIELD (Company) FAC. TYPE: ASC STATE RULE: 59A-5, F.A.C CONTACT PERSON:
More informationThe University of Southern Mississippi National Center for Spectator Sports Safety and Security. Sport Event Security Aware Designation
The University of Southern Mississippi National Center for Spectator Sports Safety and Security Sport Event Security Aware Designation Frequently Asked Questions September 2015 What is Sport Event Security
More information