a risk-based approach Tom Clark MBCI, CBCP, CHS-III, CBRM

Goal: Explore achieving Crisis Management Consistency and how it relates to the aspects of Business Continuity Management involving people, process, and technology:
- Emergency Response / Action Plans
- Crisis Management
- Business Continuity Plans
- Disaster Recovery Strategies

Agenda
- Definition of a Crisis
- Current Examples
- Definition of Crisis Management
- Approach to Consistent Crisis Management
  - Crisis Prevention
  - Crisis Planning
  - Crisis Training
  - Crisis Response
  - Crisis Recovery
- Summary

Definition of a Crisis
Any situation that is threatening or could:
- harm people, process, or property
- disrupt business operations
- damage reputation and negatively impact the company brand

2013 Examples of a Crisis
- Bombing: Boston Marathon in April
- Explosion: Texas Fertilizer Plant in April
- Weather: Tornado Outbreak (EF5), Oklahoma in May
- Explosion & Fire: Louisiana Chemical Plant in June
- Civil Unrest: Anti-G8 Protests, Belfast, Ireland in June
- Train Crash: Spain, Worst European Rail Disaster in July
- Airplane Crash: San Francisco, Asiana Airlines 777 in July
- Economic: Devaluation of Indian Rupee in August
- Flooding: Colorado, 15+ Counties in September
- Active Shooter: Washington Navy Yard in September
- Active Shooter: Shopping Mall, Nairobi, Kenya in September

Definition of Crisis Management
- Avoiding a Crisis when you can; reacting appropriately when you cannot.
- Protect the people
- Determine the impact to the people, process, and to the business
- Determine what, where, when, how, and if possible the why of a disruption.
- Mitigate the source of the Crisis
- Return to normal business operations

Six (6) Stages of a Crisis
- Warning: When a potential threat is detected and what the initial impact might be
- Risk Assessment: Initial assessment, communications of a crisis and the severity of that crisis or impact to business
- Response: Creating awareness, communications, delivering instructions on what to do, and requesting resources
- Management: Management of crisis, activation of plans, including providing status updates and changes
- Resolution: Letting those affected and others know that the crisis is resolved or getting close to a conclusion
- Recovery: Returning to normal business operations, post crisis communications, follow up, After Action Reporting on what happened and what was impacted

Crisis Management of a Disruption (chart: Operational Capability versus Time)
Chart labels: Normal Operations; Minimum Acceptable Level of Operational Capability; Disruption Occurs; Emergency Response; Risk Mitigation; RTO; RPO; Restoration; Return to Normal Operations; Crisis Management; Prevention and Preparedness; Event-Driven, Control-based Response.

Continuity of Operations Interdependencies (diagram)

Approach to Crisis Management
- Crisis Prevention
- Crisis Planning
- Crisis Training
- Crisis Response
- Crisis Recovery

Business Continuity Management Framework (diagram)
Planning layers: Emergency Action Plans, Crisis Management Plans, Business Continuity Plans, Disaster Recovery Plans. Time horizons: Immediate, Short term, Longer term. Response layers: Emergency Response, Crisis Management, Business Workarounds, Disaster Recovery Strategies, Business Continuity Plan.

Understanding Cultural Differences
- Different values, needs, expectations
- Different set of risks, regulations, laws, and emergency response
- Different nomenclature and terminology
- Establish, understand, and build relationships with local public safety before a disruption
- Use Lunch & Learn opportunities to share expectations and experiences with each other

Understanding Cultural Differences
Do the local public safety agencies:
- know you exist?
- know how many employees you have?
- know your business?
- understand what is critical to your operations?
- know your floor plans?

Understanding Cultural Differences
People in different cultures will use:
- the same words with different meanings.
- different words with the same meaning.

Business Impact Analysis (BIA)
- Identifying the local risks to the company
- Identifying what the Financial Impacts would be
- Identifying what the Operational Impacts would be
- Identifying the dependencies:
  - IT requirements (systems, applications, storage, hardware)
  - Resources (essential and critical employees)
  - Vendors, Suppliers, and Service Providers
- Identifying the Maximum Tolerable Period of Disruption (MTPOD)

Threat & Risk Assessments
- Threat and Risk Assessment (Threat Types): What can hurt us or disrupt the business?
- Rank and Classify Threats and Risks (Impact Assessment): How much can it cost us?
- Rank and Classify Vulnerabilities (Controls Assessment): What controls do we have in place and how effective are they?
- Mitigate Vulnerabilities: Implement Controls

Threat & Risk Assessments
Four (4) basic threat types:
- Internal Undirected (such as equipment failure or change)
- Internal Directed (such as Workplace Violence)
- External Directed (such as Cyber Attacks)
- External Undirected (Natural Disasters: storms, floods)

Threat & Risk Assessments
Impact Assessment:
- What Can Happen?
- What is the Possibility of it Happening?
- What is the Probability of it Happening?
- What are the Consequences?
- How much Risk is Management willing to accept?

Threat & Risk Assessments
- Probability multiplied by the Consequences quantifies the Risk: Quantitative Risk Assessment (QRA). What Can Go Wrong?
- Anticipatory Failure Determination (AFD): If I wanted to make something go wrong, how could I do it?
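As an added illustration (not code from the deck), the assessment sequence of the last four slides carried through in order: classify each threat by the four basic types, quantify inherent risk as probability multiplied by consequence, apply the controls assessment, and rank what still exceeds the risk management is willing to accept. The threat register, scores, risk appetite, and the modelling assumption that a control scales probability by (1 - effectiveness) are all constructed for the example.

```python
"""Quantitative Risk Assessment (QRA) in the order the slides describe:
threat type -> impact assessment -> controls assessment -> mitigate.
Added illustration; the register, scores and appetite are constructed."""

# The four basic threat types named on the slides.
THREAT_TYPES = {
    "internal-undirected",  # e.g. equipment failure or change
    "internal-directed",    # e.g. workplace violence
    "external-directed",    # e.g. cyber attacks
    "external-undirected",  # e.g. storms, floods
}


def inherent_risk(probability, consequence):
    """Probability multiplied by the consequences quantifies the risk.
    probability: likelihood in [0, 1]; consequence: loss in currency units."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability must lie between 0 and 1")
    if consequence < 0:
        raise ValueError("consequence must be a non-negative loss")
    return probability * consequence


def residual_risk(probability, consequence, control_effectiveness):
    """Controls assessment. Modelling assumption for this example: a control
    with effectiveness e in [0, 1] reduces the probability by the factor (1 - e),
    so an ineffective control (e = 0) leaves the inherent risk unchanged."""
    if not 0.0 <= control_effectiveness <= 1.0:
        raise ValueError("control effectiveness must lie between 0 and 1")
    return inherent_risk(probability * (1.0 - control_effectiveness), consequence)


def assess(threat_register, risk_appetite):
    """Rank a threat register by residual risk and decide, per threat, whether
    the residual risk is within what management is willing to accept.
    Each entry: name, type, probability, consequence, control_effectiveness."""
    rows = []
    for t in threat_register:
        if t["type"] not in THREAT_TYPES:
            raise ValueError(f"{t['name']}: unknown threat type {t['type']!r}")
        inherent = inherent_risk(t["probability"], t["consequence"])
        residual = residual_risk(t["probability"], t["consequence"],
                                 t["control_effectiveness"])
        rows.append({
            "name": t["name"],
            "type": t["type"],
            "inherent": round(inherent, 2),
            "residual": round(residual, 2),
            # "Mitigate Vulnerabilities / Implement Controls" applies when the
            # residual risk is still above the level management accepts.
            "action": "mitigate" if residual > risk_appetite else "accept",
        })
    rows.sort(key=lambda r: r["residual"], reverse=True)
    return rows


def residual_by_type(rows):
    """Aggregate residual risk per threat type, so the four categories can be
    compared when prioritising the next round of controls."""
    totals = {t: 0.0 for t in THREAT_TYPES}
    for r in rows:
        totals[r["type"]] += r["residual"]
    return totals


# Constructed sample register (not data from the deck); probabilities are
# annual likelihoods, consequences are estimated loss per occurrence.
SAMPLE_REGISTER = [
    {"name": "Power failure", "type": "internal-undirected",
     "probability": 0.30, "consequence": 200_000, "control_effectiveness": 0.8},
    {"name": "Workplace violence", "type": "internal-directed",
     "probability": 0.02, "consequence": 5_000_000, "control_effectiveness": 0.5},
    {"name": "Cyber attack", "type": "external-directed",
     "probability": 0.25, "consequence": 2_000_000, "control_effectiveness": 0.6},
    {"name": "EF5 tornado", "type": "external-undirected",
     "probability": 0.01, "consequence": 10_000_000, "control_effectiveness": 0.2},
]
RISK_APPETITE = 60_000  # constructed: largest residual loss management accepts


if __name__ == "__main__":
    ranked = assess(SAMPLE_REGISTER, RISK_APPETITE)
    for r in ranked:
        print(f"{r['name']:<20} {r['type']:<20} inherent={r['inherent']:>12,.0f} "
              f"residual={r['residual']:>12,.0f} {r['action']}")
    print(residual_by_type(ranked))
```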

Risk Assessment Services
- AON Benfield
- Storm Prediction Center (SPC)
- Impactforecasting.com
- Catastrophic Event Analytics (CEA)
- NC4 - Situational Readiness Analytics
- Financial Services - Information Sharing & Analysis Center (FS-ISAC)

Public-Private Partnerships
Building relationships with local public safety:
- Police
- Fire
- Emergency Management
- County Government Agencies
- State or Provincial Government Agencies
- Federal Government Agencies
What do they believe are the local Threats and Risks?

Evaluation of Crisis Plan
1. Does the Crisis Plan identify the Crisis Management team by role?
2. How often is your Crisis Plan updated based on any changes?
3. Who prepared the Crisis Plan? Qualified employee or Off the Shelf?
4. Is your Crisis Plan based on a current and local Risk Assessment?
5. Do you have sample Template crisis communications messages?
6. Are there documented considerations to communicate with both internal and external stakeholders?
7. Does your Crisis Plan reflect Supply Chain Management contingency planning that includes all vendors, suppliers, and service providers?
8. Who attends the Crisis Plan training and simulations?
9. Are there alternate or backup Crisis Management team members for every role when the primary is not available?
10. Does the Crisis Plan have a documented approval process in place to reflect who exactly is in charge?

Emergency Action Plans (People)
- Fire Drills, Shelter in Place, Evacuation Procedures
- Active Shooter (Workplace Violence) Lock Down
- Do employees know what to do?
- Have employees been trained on what to do?
- How often are Drills run to ensure Employee Safety?
- Who knows where the documentation (EAP) is located?
- How is the emergency communicated to:
  - Employees
  - Customers
  - Vendors, Suppliers, & Service Providers

Emergency Action Plans (People)
- List of employees responsible for activating the EAP
- Responsibilities of employees activating the EAP
- Declaration process to transition to the Recovery Site
- Incident Response Procedures:
  - Reporting a Fire
  - Fire Alarm System / Alarm System Signals
  - Medical Emergency
  - Bomb Threat
  - Workplace Violence
  - Suspicious Package
  - Natural Disaster (Severe Weather)
- Procedures for evacuation, including type of evacuation and exit route assignments
- Procedures for employees who remain to operate critical operations before evacuating
- Procedures to account for all employees and visitors after evacuation

Crisis Management Plans (Process)
- What do we do first? Who is in charge? Where do we go?
- Event Management: is there a documented plan?
- All Hazard on-scene approach: Incident Command System (ICS)
- Coordinated response between Public & Private Sectors using common organizational processes
- Specific protocol for crisis communications:
  - Emergency Notification: MIR3, NotiFind, Everbridge, Send Word Now..
  - Social Media: Twitter, Face Book..

Business Continuity Plans (Process)
- Are there documented plans reflecting the critical business functions?
- How often are plans tested for validation?
- What is the Operational & Financial Impact based on the business disruption?
- Who to call in the event of a disruption (Essential Employees)
- What to do first in the event of a business disruption
- What resources will be needed in the event of a business disruption
- What are the dependencies of the critical function?
- Where to go in the event of a business disruption (Alternate Work Location)
- When do we activate the BCP?
- How do we continue critical functions in the event of a disruption?
- Are there manual workarounds not requiring automation?

Disaster Recovery Plans (Technology)
- When do you declare a disaster?
- Who can declare a disaster?
- Where is production located, and for which business units?
- What critical business functions are recoverable? (RTO, RPO, RCO)
- How often are Disaster Recovery Exercises run to verify recovery capacities and capabilities?
- Which applications are the critical functions dependent on?
- What are the interdependencies (OS, platform) for those applications?
- What infrastructure (network bandwidth, storage, etc.) is required?
- How do we recover critical business function capacities after a business disruption?

Disaster Recovery Plans (Technology)
- Is there a Disaster Recovery (DR) sequence document?
- How do we resume critical business function capabilities?
- How do we restore network connectivity after the disruption?
- How do we restore missing or lost data after the disruption?
- What is the process to Return to Normal Business Operations?
- Who can declare that a disaster is over?
- Is there an Exit Strategy?

SCM Contingency Planning
Supply Chain Management (SCM) is an important aspect of the Crisis Management Plan. Critical business functions are very dependent on multiple vendors, suppliers, and service providers to support various processes. Understanding what products, supplies, or services they provide, and the frequency with which they provide them, is vital to running the business operations.
- Vendors, suppliers, and service providers: contingency plans.
- How do we contact the vendors during a Crisis?

Crisis Training Approach
- "Train Like You Would Fight" - United States Army Ranger School
- "Professionals train until they cannot get it wrong" - Theodore Roosevelt
- "Everyone Must Be Trained to know What to Do in a Crisis" - United States Coast Guard
- "Adapt, Improvise, and Overcome" - United States Marine Corps

RACI matrix: R = Responsible, A = Accountable, C = Consulted, I = Informed
Columns, in the order the slide lists them: Senior Leadership Team (SLT), Senior Management, Command, Operations, Facilities, Physical Security, Human Resources, Logistics, Planning & Intelligence, Finance, Corporate Emergency Response Team (CERT)
Organizational Functions / Activities (**Not necessarily in sequential order):
- Initial Assessment of disruption: I I R R R R I I I I I
- Crisis Management Team Activation Decision: R C C I I I I I I I I
- Crisis Management Team Activation: R I R I I I I I I I I
- Detailed Damage Assessment: I A R C R R I I I I I
- Setup of EOC: I I A R I I I I I I I
- Relocation Decision of EOC: R A R R I I C C C C C
- Relocation Planning of EOC: I I A R I I C C C C I
- Relocation Implementation of EOC: I C A R I I I I I I I
- Business Continuity Plan Activation Decision: I I A C I I I C R C I
- Business Continuity Plan Activation: I I A C I I I C R C I
- Purchasing of Supplies (SCM): I A A C I I C R C R I
- Business Unit Notification Decision - Applications/IT: I A C C I I I C R C I
- Business Unit Notification Decision - Business: I A C I I I I I I I R
- Disaster Recovery Activation Decision: I A R C C C I I I I I
- Disaster Recovery Activation Implementation: I C A R C C I I I I I
- Senior Management Communications: C I A R C C C C R R R
- Employee Communication (general): I A R C I I C C R C I
- Vendor, Supplier, Service Provider Communication: I I A R I I I I R R (one value missing in the source)
- Media Communication: I A R I I I I I C I R
- Market Communication (Applications/IT): I A R I I I I I C I I
- Market Communication (Business): I A C I I I I I I I R
- Crisis Conclusion Exit Strategy: I A R C C C C C C C I
- Return to normal state implementation: I I A R C C R R R R I
- Returned to normal state confirmation: I A R C C C C C C C I
- Shutdown: I C A R C C I I I I I
- Status and Issue Reporting: I I A R C C R R R R C

Training Should Include
- Common definitions of Crisis Management concepts
- Structure of Crisis Response and expectations of each employee
- Roles & Responsibilities of the Crisis Management team
- Understanding the consequences of failing to manage a Crisis
- Understanding expectations of public safety agencies
- Understanding the sequence of What to Do
- Interactive opportunities to ask for clarification of roles
- Written test to validate knowledge of the Crisis Management Plan
- Simulation Exercise to experience the sequence of actions.

Training Should Include
- Common planning and training documentation
- Pocket reference material so every employee knows immediately what to do in a Crisis
- Results from tests and review of Lessons Learned
- Outside public safety agency observers to offer feedback.
- Frequent testing of the Crisis Plan - at least quarterly, to verify all employees know what to do first in a Crisis
- At least one unannounced and unplanned test.
- Absolute support from senior leadership

CRISIS RESPONSE
Event: Event Observed or Alarm Received
- Who is Notified of the Event?
- What Do You Do First?
- Is there a plan?
- Who do you ask what to do?
- Where is the plan?

Effective Crisis Communications
- What information is essential?
- What information can be shared?
- Who needs the information?
- Who has the information?
- How will information flow to all employees?
- How will information flow to all customers?
- How will information flow to all public safety agencies?
- How will information flow to all stakeholders?
- How will information flow to the media?
- How is information coordinated for release?

Social Media

Building Evacuation
The evacuation process should be practiced at least twice each year; this is normally a compliance requirement in most countries. In the example of a Fire Drill, the normal process is: the fire alarm sounds and strobe lights flash multiple times per minute; all employees exit the building through marked emergency exits; the employees gather in a designated location away from the building and wait for instructions from the floor wardens. The floor wardens are pre-assigned employee volunteers who are responsible for making sure all employees immediately exit through the emergency exits.
- Do you know who your floor wardens are?
- Do you know where the Evacuation Process document is located?
- If electrical maintenance is being performed and the building Fire Detection System is in By-Pass mode, which means it is not able to detect or report smoke or fire, would you know what to do?

Shelter in Place
Shelter in Place should be practiced at least once each year. When sheltering in place due to outside hazards, employees go to a pre-designated safe area within the building; the Public Address (PA) system is used to notify the employees. Employees gather in a pre-designated location away from windows and outside walls within the building and wait for instructions from the floor wardens.
- Do you know where the Shelter in Place pre-designated safe area within the building is located?
The Shelter in Place process is used until the All Clear is given and is recommended by both the Federal Emergency Management Agency (FEMA) and the American Red Cross.

Shelter in Place
- The intent is to shelter people within the most interior area of the building to protect them from flying glass and debris.
- In some circumstances, such as a tornado or a HazMat incident, specifically how and where you take shelter is a matter of survival.
- Employees cannot be forced to shelter; however, there are circumstances when local officials will order that everyone stay put.
- It is important to speak with your co-workers in advance about sheltering to avoid confusion in the event you need to shelter in place.
- Plan to communicate with people with hearing impairments or other disabilities, or who do not speak the local language.
- Assign specific duties to employees in advance and verify there are emergency supplies in your shelter locations.
- DO NOT run or panic. Look for the floor wardens to direct you.
- Account for all workers, visitors and customers as people arrive in the shelter. Take a head count.
- Remain in your sheltered location until the All Clear is given.

Active Shooter - Lock Down
The ACTIVE SHOOTER process approach. Due to multiple real-world incidents, this is a fairly sensitive issue and not yet an established standard in all companies. The most common approach some companies are using is the three (3) step process: Evacuate, Hide Out, Take Action. Notification to employees using the Public Address (PA) system that announces an ACTIVE SHOOTER situation is in effect becomes somewhat problematic. The various law enforcement agencies developing a process for the Private Sector suggest that if:
- employees can evacuate, they should do so immediately and call 911.
- employees cannot evacuate the building, they should hide.
- employees hiding are discovered, they need to take action.

Crisis Management Team Guiding Principles
- Locally respond to a crisis or disruption
- Accurately assess the crisis or business disruption
- Verify what the impact is to business operations
- If required, activate the Crisis Management team
- If required, activate Business Continuity Plans (BCP)
- If required, declare a disaster and start disaster recovery

Crisis Management Team Guiding Principles
- Increase staffing and / or resource levels as necessary
- Plan for the possibility of, and assume, some impact to resources or systems
- Provide senior leadership with the information updates needed to determine if a disaster needs to be declared.

Crisis Management Team Activation Sequence
1. An event or crisis causing a business disruption occurs.
2. Facilities or Physical Security will observe or receive indication of an alarm.
3. Facilities or Physical Security will provide an initial assessment of the disruption.
4. The Incident Commander for the specific building or facility will be notified.
5. The initial assessment of the disruption should answer the following questions:
   - Have all employees been accounted for, and are any employees injured?
   - Are the employees and other people safe?
   - What is the nature of the disruption? Natural Hazard or Man-Made?
   - Does the disruption require an Evacuation of the Facility or a Shelter in Place?
   - Does the disruption require activation of a Lock Down due to an ACTIVE SHOOTER?
   - Does the initial assessment of the disruption indicate a loss of the facility?
   - What Happened? Briefly describe..

Crisis Management Team Activation Sequence
1. What is the Impact to the Facility and business operations?
   - Has the local utility electrical power been disrupted?
   - Has the local utility water supply been disrupted?
   - Has the local utility natural gas supply been disrupted?
   - Have the local network services or telephone services been disrupted?
   - Has IT Operations or production been disrupted?
   - Has there been any structural damage to the Facility?
2. How or where are we at risk? Briefly describe.
3. What is the potential for the disruption to escalate?
4. After receiving the initial assessment, the Incident Commander notifies the Senior Leadership Team (SLT) and updates them on the potential impact.

Crisis Management Team Activation Sequence
Once the Crisis Management Bridge is established, the Incident Commander presents an initial assessment of the disruption, what the impact appears to be, and a suggested short-term recommendation to mitigate the effects. If the Incident Commander or their backup is not available, then the most senior leadership person on scene needs to:
1. Delegate Command team roles, such as continued assessment of the disruption to gain additional impact information quickly and verification of the accuracy of the details.
2. Delegate someone to act as Liaison to the Public Safety Agencies on scene.
3. The Safety Lead needs to ensure employees are safe and clear of and away from any potential danger.
4. The Communications Lead should review pre-scripted messages for senior leadership, employees, and media.

Crisis Management Team Activation Sequence
- The assessment should continue to increase the accuracy of the disruption details to determine the operational impact to the business.
- Incident Command should be getting updates from the person assigned to the Liaison role for Public Safety Agencies on scene, to determine if there is an indication of the loss of public infrastructure such as streets, roads, bridges, highways, etc..
- Incident Command, utilizing the Communications Lead, should have crafted messages, gotten them approved, and be ready to send them out to employees and the appropriate distribution within the first 45-60 minutes.
- The Communications Lead within the Command structure should use the emergency notification system to send the message out.

Crisis Management Team Activation Sequence
- The Crisis Management conference bridge is opened at event + 30 minutes.
- SLT members join the bridge.
- The SLT is briefed by the Incident Commander on the information known about the event and business disruption at that time: what the impact to the business is, and the what, where, and when aspects of the disruption.
- The SLT crafts and delivers a message and determines the distribution of the message at event + 45 minutes.
- The SLT decides on and selects an action based on the information gathered regarding the specific event.

Crisis Management Process Flow
- Incident Commander gets initial assessment information
- Crisis Management Conference Bridge Line is opened
- SLT Members join the Crisis Management Conference Bridge Line
- Incident Commander provides initial assessment briefing
- SLT Members discuss what action to take
- SLT determines Course of Action:
  - Do Nothing; Monitor and get Updates
  - Disruption can be resolved by the on-site Facilities team
  - Disruption requires outside resources and can be resolved within RTO
  - Disruption cannot be resolved and requires declaration of a Disaster

Crisis Management Team Structure
Crisis Management Best Practices use the Incident Command System (ICS), which has been in use for over 30 years and is based on standards such as NFPA 1600. ICS:
- Manages disruptions, crises, and situations locally
- Uses a common set of organizations and processes
- Is modular and scalable
- Has interactive management components
- Establishes common terminology and processes that enable diverse organizations to work together more effectively
- Incorporates measurable objectives
- Is applicable across a wide spectrum of emergency response, business disruption, and crisis management disciplines

Crisis Management Team Structure (organization chart)
- Command
- Operations
- Logistics & Human Resources
- Planning & Intelligence
- Finance

Emergency Operations Center (EOC)
- The Emergency Operations Center (EOC) is a physical location within the Crisis Management Process.
- Provides support areas for Crisis Management, risk assessment analysis, response, relocation, resolution of issues, and, if required, the recovery efforts.
- The location should provide:
  - A large central room for functional teams to operate
  - Access to outside voice, data, and video network connectivity
  - A separate meeting room
  - Secure physical access, and it must be likely to survive the disaster

Business Continuity Plan (BCP)
- A Business Continuity Plan (BCP) reflects a critical function identified by the business.
- The BCP reflects the related supporting processes (usually three). A process is a collection of coordinated and connected work activities which together support the goal of the critical function.
- The BCP reflects what applications support the critical processes.
- The BCP reflects what interdependencies the applications require, such as database, platform, and Operating System (OS).

Business Continuity Plan (BCP)
- The BCP reflects what vendors, suppliers, or service providers support the interdependencies.
- The BCP reflects what infrastructure is required to support the interdependencies, such as amount of network bandwidth, amount of storage, and Data Center space, cooling, and power.
- The BCP reflects which essential resources are required to support the critical function.

Business Continuity Plan (BCP)
Each plan owner and critical function owner determine what the Minimum Acceptable Level of Operational Capability is and what Recovery Time Objective (RTO) is required. If a disruption were to happen that impacted the critical function reflected within the Business Continuity Plan (BCP), this would require the plan owner to activate their BCP.

Disaster Recovery (DR)
1. Disaster Recovery (DR) could be required during any of the first three aspects or phases.
2. If the crisis or disruption resulted in the initial assessment determining the loss of a facility or a Data Center, then this would be an example of a requirement for senior leadership to declare a disaster, activating the Disaster Recovery (DR) process.
3. The Disaster Recovery team is responsible for the Disaster Recovery process and is also a key member of the Crisis Management team under the Operations section.

Disaster Recovery (DR)
Disaster Recovery (DR) requires an understanding of the recovery requirements established and selected by the business units, reflected in their classification by the Tiered Recovery Objectives (TRO). The Tiered Recovery Objectives (TRO) normally consist of two components:
1. Recovery Time Objective (RTO): how quickly do you need the application to return to operating normally?
2. Recovery Point Objective (RPO): how much data loss are you willing to accept?
These values are determined by the business and are based on the Maximum Acceptable Level of Outage. The values are usually driven by the results of the initial Business Impact Analysis (BIA).

Disaster Recovery (DR)
Due to the complexity of the IT Infrastructure, a Disaster Recovery (DR) requires a specific sequence of recovery steps, tasks, and activities. The IT Infrastructure must be recovered in sequence, and each recovery task has dependencies. Every time a change is made to the production environment, that change should also be applied to the Disaster Recovery (DR) environment.

TIERED RECOVERY OBJECTIVES (TRO)
Values as read from the slide; Tier 1 is the most critical.
- Tier 1: RPO < 10 Minutes, RTO < 24 Hours
- Tier 2: RPO < 24 Hours, RTO < 72 Hours
- Tier 3: RPO < 48 Hours, RTO < 15 Days
- Tier 4: RPO < 7 Days, RTO < 30 Days
- Tier 5: RPO < 30 Days, RTO > 30 Days
RECOVERY POINT OBJECTIVE (RPO): How Much Data Loss Are You Willing to Accept?
RECOVERY TIME OBJECTIVE (RTO): How Soon Do You Need to Recover?
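As an added illustration (not code from the deck), the two DR slides above worked together: an application's BIA-derived RPO and RTO are classified into the TRO tiers, then the DR sequence document is ordered by task dependencies and its critical path is checked against the RTO. The tier limits are taken from the slide (which group of values is RPO and which is RTO is assumed from the values); the application, tasks, and durations are constructed.

```python
"""Tiered Recovery Objectives (TRO) plus a dependency-ordered DR sequence.
Added illustration, not code from the deck. Tier limits follow the TRO
slide (RPO/RTO column assignment assumed); tasks and durations are constructed."""
from collections import deque

HOUR = 60          # all durations are in minutes
DAY = 24 * HOUR

# (tier, RPO limit, RTO limit); Tier 5 has no upper RTO bound (> 30 days).
TIERS = [
    (1, 10, 24 * HOUR),
    (2, 24 * HOUR, 72 * HOUR),
    (3, 48 * HOUR, 15 * DAY),
    (4, 7 * DAY, 30 * DAY),
    (5, 30 * DAY, None),
]


def classify_tier(rpo, rto):
    """Lowest tier whose RPO and RTO limits both hold for the objectives the
    business set in the BIA. The weaker objective decides the tier: an RPO of
    5 minutes with an RTO of 10 days is Tier 3, not Tier 1."""
    for tier, max_rpo, max_rto in TIERS:
        if rpo < max_rpo and (max_rto is None or rto < max_rto):
            return tier
    return 5  # more than 30 days of tolerated data loss: last tier


def recovery_sequence(tasks):
    """tasks: {name: (duration, [prerequisite task names])}.
    Returns (execution order, finish time per task) using Kahn's algorithm.
    Tasks whose prerequisites are all done may run in parallel, so a task
    starts when its slowest prerequisite finishes. A cycle or an unknown
    prerequisite raises ValueError: such a sequence document cannot be run."""
    indegree = {t: len(deps) for t, (_, deps) in tasks.items()}
    dependents = {t: [] for t in tasks}
    for t, (_, deps) in tasks.items():
        for d in deps:
            if d not in tasks:
                raise ValueError(f"{t} depends on unknown task {d}")
            dependents[d].append(t)
    ready = deque(sorted(t for t, n in indegree.items() if n == 0))
    order, finish = [], {}
    while ready:
        t = ready.popleft()
        duration, deps = tasks[t]
        start = max((finish[d] for d in deps), default=0)
        finish[t] = start + duration
        order.append(t)
        for nxt in dependents[t]:
            indegree[nxt] -= 1
            if indegree[nxt] == 0:
                ready.append(nxt)
    if len(order) != len(tasks):
        raise ValueError("dependency cycle in recovery sequence")
    return order, finish


def check_against_rto(tasks, rto):
    """Compare the critical path of the DR sequence with the RTO the business
    set. If the sequence cannot finish inside the RTO, the plan itself fails
    the objective, which the SLT should know before a disaster is declared."""
    order, finish = recovery_sequence(tasks)
    total = max(finish.values())
    decision = "sequence fits RTO" if total < rto else "sequence exceeds RTO: escalate to SLT"
    return order, total, decision


# Constructed example: a Tier 2 application (RPO 4 h, RTO 48 h) and its
# infrastructure recovery tasks with their dependencies.
SAMPLE_RPO, SAMPLE_RTO = 4 * HOUR, 48 * HOUR
SAMPLE_TASKS = {
    "restore network":     (2 * HOUR, []),
    "restore storage":     (4 * HOUR, []),
    "restore database":    (8 * HOUR, ["restore storage"]),
    "restore app servers": (3 * HOUR, ["restore database", "restore network"]),
    "restore web tier":    (1 * HOUR, ["restore app servers"]),
    "verify data to RPO":  (2 * HOUR, ["restore database"]),
}

if __name__ == "__main__":
    print("tier:", classify_tier(SAMPLE_RPO, SAMPLE_RTO))
    order, total, decision = check_against_rto(SAMPLE_TASKS, SAMPLE_RTO)
    for t in order:
        print(f"  {t}")
    print(f"critical path {total / HOUR:.0f} h -> {decision}")
```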

Business Recovery versus Disaster Recovery
Business Recovery is described as the people, processes and procedures an organization utilizes to perform the critical business functions and verify they can continue during a business disruption affecting an office or a facility. Business Recovery, unlike Disaster Recovery, is still very much dependent on an organization's technology being operational and accessible via the network. Disaster Recovery is required when the organization's production technology is no longer operational or accessible at a specific Data Center location.

Summary of Crisis Management
- Essential employees' contact information should be available from anywhere at any time
- Be able to communicate simultaneously to a large population of employees if needed
- Get messages out quickly
- Communicate, communicate, communicate..
- Support ongoing evaluation and continuous improvement
- Test it; validate and verify for yourself that the process works

Summary of Crisis Management
- Know What to Do
- Share With Others What to Do
- Test What You Know
- Document What You Do
- Improve What to Do Better
- Plan for the Possibilities and Expect Worse


You Can't Predict... But You Can Plan for the Possibilities!