Chapter II: Business Continuity Management Organization



Similar documents
Chapter I: Fundamentals of Business Continuity Management

Business Continuity and Disaster Recovery Policy

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

COMCARE BUSINESS CONTINUITY MANAGEMENT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

EMERGENCY PREPAREDNESS AND CRISIS MANAGEMENT PLAN

Incident Management Team The Eight Step Implementation Model. The 8 Step

Crisis Communications Plan

Company Management System. Business Continuity in SIA

University of Warwick Emergency Planning Policy

Business Continuity and Disaster Planning

Emergency Response Plan

Appendix 3 Disaster Recovery Plan

Consultative report. Committee on Payment and Settlement Systems. Board of the International Organization of Securities Commissions

BUSINESS CONTINUITY PLAN OVERVIEW

How To Assess A Critical Service Provider

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

South Norfolk Council Business Continuity Policy

CISM (Certified Information Security Manager) Document version:

How To Manage A Disruption Event

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

Continuity of Business

Risk Management Guidelines

SEMS/NIMS MANAGEMENT SYSTEM REVISED SEPTEMBER 2007

Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization?

I.T. Disaster Recovery Plan

BRYN MAWR COLLEGE EMERGENCY RESPONSE PLAN Revised 1/2016 (abridged)

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Exam Name: Certified Information Security Manager

Corporate Policy. Emergency Response. Vice President, Finance and Administration. Senior Leadership Team. CR804 Accidents and First Aid Policy

Disaster Recovery Plan Documentation for Agencies Instructions

Disability Sport Events DSE EVENTS CONTINGENCY PLAN

Technology Recovery Plan Instructions

Title: DISASTER RECOVERY/ MAJOR OUTAGE COMMUNICATION PLAN

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

DAMAGE ASSESSMENT ANNEX E

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

SUPERVISORY AND REGULATORY GUIDELINES: PU BUSINESS CONTINUITY GUIDELINES

ISO 22301:2012 Societal Security Appendix B Business Continuity Management Systems Requirements 347

HB A Practitioners Guide to Business Continuity Management

The PNC Financial Services Group, Inc. Business Continuity Program

Niagara Region Emergency Management Plan

BUSINESS CONTINUITY MANAGEMENT PLAN

Business Continuity Management

Annex 9: Technical proposal template. Table of contents

The PNC Financial Services Group, Inc. Business Continuity Program

Professional Practice Six - Business Continuity Plan Development and Implementation

The Education Fellowship IT Business Continuity Plan

ISO BUSINESS CONTINUITY MANAGEMENT SYStEMS (BCMS) EXPERT IMPLEMENTER

BUSINESS CONTINUITY POLICY RM03

Information Privacy and Security Program Title:

VMIA Business Continuity Initiatives

10-POINT FRAMEWORK. for Pandemic Influenza Business Preparedness

HEALTH AND SOCIAL CARE BOARD POLICY ON BUSINESS CONTINUITY MANAGEMENT

Master of Counselling. Practicum & Supervision Handbook

Global Statement of Business Continuity

MANAGING LEGAL RISK IN AN INTEGRATED GRC FRAMEWORK A BRIEFING PAPER.

USBC Onboarding Program. Module 2: Orientation to the USBC Board of Directors

CHARTERED ACCOUNTANTS and ASSOCIATE CHARTERED ACCOUNTANTS TRAINING LOG

Business Continuity Policy

Enterprise South Liverpool Academy

Chapter 13. Training, Exercises & Review

Business Continuity Management

PROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE INTRODUCTION. 1 What is Business Continuity Management? 2 Link to Risk Management

WORK HEALTH AND SAFETY

Hospital Emergency Operations Plan

UNION COLLEGE INCIDENT RESPONSE PLAN

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

RBC Business Continuity Management Program Exercising our Plans. BCAW Presentation

FEDERAL EMERGENCY MANAGEMENT AGENCY (FEMA) INDEPENDENT STUDY COURSE INTRO TO INCIDENT COMMAND SYSTEM FOR FEDERAL WORKERS (IS-100.

Overview. Emergency Response. Crisis Management

Acknowledgement. First edition August 2006 Second edition July 2009 Third edition June 2015

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Management Policy

Department of Defense INSTRUCTION. Reference: (a) DoD Directive , Defense Continuity Programs (DCP), September 8, 2004January 9, 2009

July 22, Counties and County Officers -- Sheriff -- Duties

Alexandrina Council Business Continuity Plan

Business Continuity & Crisis Management

Geographic Area Command

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NOT PROTECTIVELY MARKED

Calhoun County EMA. Job Description EMERGENCY MANAGEMENT OFFICER-I

Business Continuity Management - A Guide to the Italian Premier Control System

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

ICS ORIENTATION Saskatchewan

Disaster Recovery Plan. (Updated Aug 30, 2015)

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

Emergency Support Function 14. Recovery

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Emergency Support Function 14 Long-Term Community Recovery and Mitigation

GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE. October 2004

Business continuity management policy

business continuity plan for:

Business Continuity Management Program Development Guide

DESIGNING OUR FUTURE

From Vision to Implementation: Integrated Strategic Planning

Transcription:

Objectives Chapter II: Business Continuity Management Organization Determine the organizational requirements to plan for crisis events Identify individuals and teams needed to execute response and recovery plans Define the relationship between the various teams and individuals in the BCM program. Overview of BCM Organization Various individuals, teams and committees have roles in BCM before, during and after a crisis event - developing strategies, establishing the operation requirements and identifying resources needed. The BCM organizational structure selected should be functionally scalable and ready to expand or contract to meet the needs of all crises. All relevant organizational functions should be analyzed and represented (Appendix A: Organizational Functions). Some teams may be organization-wide while others are designated for particular locations. Teams may be comprised of sub-teams suitable to various organizational situations. Teams play a major role in BCM. Each business continuity team has a designated team leader and alternates. To keep the size of the teams to manageable levels, certain employees will often be assigned multiple responsibilities. It should also be kept in mind that some individuals may not be available to perform certain responsibilities during a crisis due to personal situations and alternates should be identified. Where possible, it may be beneficial to assign multiple alternate members, particularly for organizations subject to community-wide disasters. In strategy development, teams identify the duration and scope of outage events, service priorities and key resources on which plans rely. To establish the operation requirements, it is necessary to define the type of service to be provided, the time by which service should be provided and the customers to whom service should be provided. At the onset of a crisis, an organization must shift emphasis from normal operations to safety and security concerns. For most employees, plan execution responsibilities will likely be very different than normal responsibilities. Quick decisions need to be made and key employees need to execute response and recovery plans. It is not possible to effectively execute plans in a crisis situation if decisions are being made by committee. Teams provide for recovery of affected parts of the organization and carry on the normal operations for unaffected parts of the organization. Discussion: Management by Committee Some organizations such as colleges, universities and associations prefer to conduct normal operations by committee. A management by committee approach ensures that everyone knows the plan of action and all participants have the opportunity to express their ideas. What are the problems associated with management by committee during actual crisis events? 1

Key BCM Individuals and Groups The BCM program is under the authority of the Chief Executive Officer (CEO). The CEO or designated alternate is responsible for declaring a disaster on behalf of the organization. The Business Continuity Management (BCM) Steering Committee is the primary decision making group for the BCM program, has oversight for BCM at the corporate level and reviews and approves the BCM program. The BCM Steering Committee, which is comprised of senior management representing all primary functional and support areas, determines the scope, provides resources, develops timeframes and defines responsibilities for the BCM program. Business Continuity Planning Team is responsible for providing professional guidance throughout the development, implementation and maintenance of the BCM program. The Business Continuity Planning Team develops the guidelines, methodologies, standards and best practices to be used in the BCM program. This group is responsible for adherence of all planning activity to the organizational protocols and standards. The Business Continuity Planning Team works with functional and technical individuals throughout the organization to develop plans at the business unit level. A Business Continuity Management (BCM) Coordinator is an individual who has overall responsibility for BCM at each specific location. The BCM Coordinator ensures that the BCM program is properly planned. This includes assisting management in defining objectives and scope, and developing schedules and budgets. The BCM Coordinator utilizes project task forces and reports to senior management on the program s accomplishments. The BCM Coordinator performs regular updates to plan documentation and arranges for periodic plan exercises and actively participates in actual crisis events. The BCM Coordinator provides frequent feedback to management while acting on its behalf. The BCM Coordinator should ideally be a business continuity professional who can work well within an organizational setting and has excellent communication skills to coordinate the work of teams and motivate individuals. The BCM Coordinator should possess strong analytical ability, technical competence, leadership skills and organizational knowledge. The BCM Coordinator has key responsibilities in responding to crisis events and is closely involved with the development, implementation and maintenance of the BCM program. The Crisis Management Team (CMT) has overall responsibility to manage crisis events. The CMT includes senior management with the authority to manage active crisis events and is responsible to: Gather facts and analyze conditions regarding a crisis. Make decisions during a crisis. Allocate internal resources. Obtain needed external resources. 2

Organizations should develop a team to communicate with interested parties regarding crisis events. A Crisis Communication Team should be designated at the corporate level to maintain consistent communications and contact with the media. The Crisis Communication Team communicates with stakeholders and conducts all media communications. The Crisis Communication Team is typically a group at the corporate level with liaison members designated at major organization locations. Crisis communication requires extensive planning and should always involve clear statements so that everyone involved receives consistent information. The most critical individuals are the employee in charge of overall communications and the spokesperson in charge of media communications; a single individual often performs both functions. The Crisis Communication Team should develop emergency plans and materials to prepare for crisis events. The Crisis Communication Team is responsible for the coordination of all information disseminated to employees, customers, the press, the public and other interested parties during times of crisis. An Emergency Response Team (ERT) is an assembly of primary and alternate members at each major location responsible for the response to a crisis. All members are personnel who are familiar with their department s responsibilities. Alternate members execute their responsibilities in the absence or unavailability of the primary member. All primary and alternate members need to be knowledgeable of overall BCM operations. Members must also be available during a crisis. ERT members and/or ERT alternate members are required to attend plan exercises organized by the BCM Coordinator. These points should be considered regarding ERT membership: Team members should be drawn from a range of geographical locations to reduce the probability of severe impact to multiple members from a community-wide crisis. Team members should be capable of handling physically and emotionally stressful situations. Renters and single employees will likely have fewer personal responsibilities after a community-wide crisis. Vacations should be coordinated so that a large number of ERT members are not out of the area at any given time. The organization s Incident Commander is in charge of the ERT. The Incident Commander is the individual responsible for the command and control of all aspects of a crisis. The Incident Commander must have the authority and ability to make quick decisions in critical situations. As the person who is in charge of the response efforts, the Incident Commander should be an officer of the organization. For a significant, organization-wide crisis event, it is not uncommon to find the Chief Operating Officer (COO), and not the CEO, at the top of the chain-of-command for emergency response purposes. 3

It is important for the organization to identify several individuals to serve as the Incident Commander and to specify a chain-of-command. The chain-of-command is the order of authority within the organization. During a crisis, the chain-of-command is not necessarily the same organizational command order used during times of normal operations. The actual Incident Commander will be the available individual who is highest on the chain-of-command. The ERT is headed by the Incident Commander and comprised of management personnel representing areas of the organization that have critical plan execution responsibilities. Overall incident command is relinquished to responding civil authorities at their request. Other teams are involved in the BCM organization. The Damage Assessment Team assesses and documents damages caused by a crisis. The Recovery Team is designated to provide for stabilization and resumption of operations caused by a crisis. Other teams to perform specific functions may be designated by individual departments as necessary. Figure 2.1 - BCM Organization BCM Steering Committee Business Continuity Planning Team Crisis Management Team Crisis Communication Team Emergency Response Team Recovery Team Damage Assessment Team 4

Review Topics 1. Identify reasons why quick decisions are often needed during the initial stages of a crisis event. 2. What are the significant differences between the responsibilities of the CMT and the ERT? 3. What are the characteristics of a person who would be a good leader during a disaster? 4. Does the BCM Coordinator need to be an employee at the senior management level? Case Studies Case Study A-2: Alpha Investment Services (AIS) considers BCM Organization Based on the information previously provided in Case Study A, consider the following: A-2.1 Is there a need for a CMT and an ERT at AIS? A-2.2 A-2.3 Is there a need for an Incident Commander at each building? Is there a need for an ERT at each building? Case Study B-2: Beta Widget Makers (BWM) considers BCM Organization Based on the information previously provided in Case Study B, consider the following: B-2.1 Is there a need for a CMT and an ERT at BWM? B-2.2 B-2.3 Is there a need for an Incident Commander at each Plant? Is there a need for an ERT at each Plant? 5

Continued Copyright (c) 2012 Kurt J. Engemann and Douglas M. Henderson. This is an excerpt from the book Business Continuity and Risk Management: Essentials of Organizational Resiliency, ISBN 978-1-931332-54-5. Rothstein Associates Inc., publisher (info@rothstein.com). See http://www.rothstein.com/textbooks/business-continuity-and-riskmanagement.html This excerpt may be used solely in the evaluation of this textbook for course adoption. It may not be reproduced or distributed or used for any other purpose without the express permission of the Publisher.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information